CVE-2018-5159

EPSS 21.3%

An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.

Produtos afetados

Mozilla · Firefox Mozilla · Firefox ESR Mozilla · Thunderbird Mozilla · Thunderbird ESR

PoCs públicas encontradas — 2

cve_referencewww.exploit-db.com/exploits/44759/não verificado exploitdbwww.exploit-db.com/exploits/44759não verificado

⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://access.redhat.com/errata/RHSA-2018:1414 https://access.redhat.com/errata/RHSA-2018:1415 https://access.redhat.com/errata/RHSA-2018:1725 https://access.redhat.com/errata/RHSA-2018:1726 https://bugzilla.mozilla.org/show_bug.cgi?id=1441941 https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html https://security.gentoo.org/glsa/201810-01 https://security.gentoo.org/glsa/201811-13 https://usn.ubuntu.com/3645-1/https://usn.ubuntu.com/3660-1/https://www.debian.org/security/2018/dsa-4199