CVE-2018-5186

HIGH

Description

Memory safety bugs present in Firefox 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 61.

References

http://www.securityfocus.com/bid/104557

http://www.securitytracker.com/id/1041193

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1464872%2C1463329%2C1419373%2C1412882%2C1413033%2C1444673%2C1454448%2C1453505%2C1438671

https://security.gentoo.org/glsa/201810-01

https://usn.ubuntu.com/3705-1/

https://www.mozilla.org/security/advisories/mfsa2018-15/

Details

Source: MITRE

Published: 2018-10-18

Modified: 2018-12-06

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

View all (7 total)

ID	Name	Product	Family	Severity
117894	GLSA-201810-01 : Mozilla Firefox: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
700330	Mozilla Firefox < 61 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
111005	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : firefox regressions (USN-3705-2)	Nessus	Ubuntu Local Security Checks	high
110942	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : firefox vulnerabilities (USN-3705-1)	Nessus	Ubuntu Local Security Checks	high
110811	Mozilla Firefox < 61 Multiple Critical Vulnerabilities	Nessus	Windows	high
110806	Mozilla Firefox < 61 Multiple Critical Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
110700	FreeBSD : mozilla -- multiple vulnerabilities (cd81806c-26e7-4d4a-8425-02724a2f48af)	Nessus	FreeBSD Local Security Checks	high