CVE-2018-5129

UNKNOWN

Published 2018-06-11T21:00:00

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2018-5129. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Mozilla

Thunderbird

Affected Versions:

unspecified

Mozilla

Firefox ESR

Affected Versions:

unspecified

Mozilla

Firefox

Affected Versions:

unspecified

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-x4cw-r9m3-pj4c

Advisory Details

CVSS Scoring

CVSS Score

7.5

CVSS Vector


                                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-5129

WEB https://www.mozilla.org/security/advisories/mfsa2018-09

WEB https://www.mozilla.org/security/advisories/mfsa2018-07

WEB https://www.mozilla.org/security/advisories/mfsa2018-06

WEB https://www.debian.org/security/2018/dsa-4155

WEB https://www.debian.org/security/2018/dsa-4139

WEB https://usn.ubuntu.com/3596-1

WEB https://usn.ubuntu.com/3545-1

WEB https://security.gentoo.org/glsa/201811-13

WEB https://security.gentoo.org/glsa/201810-01

WEB https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html

WEB https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html

WEB https://bugzilla.mozilla.org/show_bug.cgi?id=1428947

WEB https://access.redhat.com/errata/RHSA-2018:0648

WEB https://access.redhat.com/errata/RHSA-2018:0647

WEB https://access.redhat.com/errata/RHSA-2018:0527

WEB https://access.redhat.com/errata/RHSA-2018:0526

WEB http://www.securityfocus.com/bid/103388

WEB http://www.securitytracker.com/id/1040514

Advisory provided by GitHub Security Advisory Database. Published: May 14, 2022, Modified: May 14, 2022

References

https://www.debian.org/security/2018/dsa-4139

https://security.gentoo.org/glsa/201810-01

http://www.securityfocus.com/bid/103388

https://security.gentoo.org/glsa/201811-13

https://access.redhat.com/errata/RHSA-2018:0527

https://usn.ubuntu.com/3545-1/

https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html

https://www.mozilla.org/security/advisories/mfsa2018-09/

https://www.mozilla.org/security/advisories/mfsa2018-07/

https://access.redhat.com/errata/RHSA-2018:0526

https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html

https://www.debian.org/security/2018/dsa-4155

https://access.redhat.com/errata/RHSA-2018:0648

https://access.redhat.com/errata/RHSA-2018:0647

http://www.securitytracker.com/id/1040514

https://usn.ubuntu.com/3596-1/

https://www.mozilla.org/security/advisories/mfsa2018-06/

https://bugzilla.mozilla.org/show_bug.cgi?id=1428947

Published: 2018-06-11T21:00:00

Last Modified: 2024-08-05T05:26:46.961Z

Copied to clipboard!

CVE-2018-5129

Expert Analysis

Description

Available Exploits

Related News

Affected Products

Thunderbird

Affected Versions:

Firefox ESR

Affected Versions:

Firefox

Affected Versions:

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!