#VU12544 Security restrictions bypass in Mozilla Firefox - CVE-2018-5163
Published: May 10, 2018
Vulnerability identifier: #VU12544
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-5163
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Mozilla Firefox
Software vendor:
Mozilla
Description
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists because cached data in the JavaScript Start-up Bytecode Cache (JSBC) can be replaced. A remote attacker with full control over a content process can replace the alternate data resources stored in the JSBC for other JavaScript code, run the executed script with the parent process' privileges, and escape the sandbox on content processes.
Remediation
Update to version 60.0.