CVE-2018-5163

EUVD-2018-16948

11.06.2018, 21:29

If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then runs this replaced code, the executed script would be run with the parent process' privileges, escaping the sandbox on content processes. This vulnerability affects Firefox < 60.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.1 HIGH	NETWORK	HIGH	NONE	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 83%

Affected Products (NVD)

Vendor	Product	Version
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	17.10
canonical	ubuntu_linux	18.04
mozilla	firefox	𝑥 < 60.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

firefox

sid	132.0.1-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

firefox

artful	Fixed 60.0+build2-0ubuntu0.17.10.1 released
bionic	Fixed 60.0+build2-0ubuntu1 released
trusty	Fixed 60.0+build2-0ubuntu0.14.04.1 released
xenial	Fixed 60.0+build2-0ubuntu0.16.04.1 released

Common Weakness Enumeration

CWE-281 - Improper Preservation of Permissions
The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References

http://www.securityfocus.com/bid/104139

http://www.securitytracker.com/id/1040896

https://bugzilla.mozilla.org/show_bug.cgi?id=1426353

https://usn.ubuntu.com/3645-1/

https://www.mozilla.org/security/advisories/mfsa2018-11/

http://www.securityfocus.com/bid/104139

http://www.securitytracker.com/id/1040896

https://bugzilla.mozilla.org/show_bug.cgi?id=1426353

https://usn.ubuntu.com/3645-1/

https://www.mozilla.org/security/advisories/mfsa2018-11/