CVE-2018-5163

EPSS 2.1%

Vexday Risk Score

3Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS —EPSS 2.1%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

11 jun 2018Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then runs this replaced code, the executed script would be run with the parent process' privileges, escaping the sandbox on content processes. This vulnerability affects Firefox < 60.

Productos afectados

Mozilla · Firefox

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://bugzilla.mozilla.org/show_bug.cgi?id=1426353 https://usn.ubuntu.com/3645-1/https://www.mozilla.org/security/advisories/mfsa2018-11/http://www.securityfocus.com/bid/104139 http://www.securitytracker.com/id/1040896