1. Home
  2. Vulnerabilities
  3. CVE-2018-5163

CVE-2018-5163

CVSS v3.0 8.1 (High)
81% Progress
CVSS v2.0 5.1 (Medium)
51% Progress
EPSS 0.84 % (82th)
0.84% Progress
Affected Products 2
Advisories 5
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then runs this replaced code, the executed script would be run with the parent process' privileges, escaping the sandbox on content processes. This vulnerability affects Firefox < 60.

Weaknesses
CWE-281
Improper Preservation of Permissions
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2018-06-11 21:29:15
(6 years ago)
Updated Date
2019-10-03 00:03:26
(5 years ago)

Affected Products

Canonical

Mozilla

Configuration #1

    CPE23 From Up To
  Canonical Ubuntu Linux 14.04 cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts
  Canonical Ubuntu Linux 16.04 cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts
  Canonical Ubuntu Linux 17.10 cpe:2.3:o:canonical:ubuntu_linux:17.10
  Canonical Ubuntu Linux 18.04 cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts

Configuration #2

    CPE23 From Up To
  Mozilla Firefox prior 60.0 version cpe:2.3:a:mozilla:firefox < 60.0