Main Vulnerability Database Vulnerabilities #VU14635

#VU14635 Out-of-bounds write in Mozilla Firefox - CVE-2018-12379

Published: September 6, 2018

Vulnerability identifier: #VU14635

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-12379

CWE-ID: CWE-787

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox

Software vendor:
Mozilla

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to out-of-bounds write when the Mozilla Updater opens a MAR format file which contains a very long item filename. A local attacker can run the Mozilla Updater on the local system with the malicious MAR file, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Update to version 62.0.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/

#VU14635 Out-of-bounds write in Mozilla Firefox - CVE-2018-12379

Description

Remediation

External links

Please verify you're human