Vulnerability identifier: #VU10968
Vulnerability risk: High
Exploitation vector: Network
Exploit availability: No
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a lack of parameter validation on IPC messages. A remote attacker can supply specially crafted malformed IPC messages, trigger out-of-bounds write, escape sandbox and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Update to version ESR 52.7.
Vulnerable software versions
Firefox ESR: 52.6.0
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?