#VU10968 Out-of-bounds write


Published: 2018-03-13

Vulnerability identifier: #VU10968

Vulnerability risk: High

CVSSv3.1:

CVE-ID: CVE-2018-5129

CWE-ID: CWE-787

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Firefox ESR
Client/Desktop applications / Web browsers

Vendor: Mozilla

Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a lack of parameter validation on IPC messages. A remote attacker can supply specially crafted malformed IPC messages, trigger out-of-bounds write, escape sandbox and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation
Update to version ESR 52.7.

Vulnerable software versions

Firefox ESR: 52.6.0


CPE

External links
http://www.mozilla.org/en-US/security/advisories/mfsa2018-07/


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability