PT-2018-2988 · Mozilla+3 · Firefox+3

Dennis Fuchs

Publicado

2018-05-09

Atualizado

2024-12-12

CVE-2018-5153

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 60

Description The issue is caused by an out-of-bounds read in the memory of the Firefox browser's WebSocket component. This can allow a remote attacker to disclose protected information. If WebSocket data is sent with mixed text and binary in a single message, the binary data can be corrupted, resulting in an out-of-bounds read. The read memory can be sent to the originating server in response.

Recommendations For versions prior to 60, update to version 60 or later to resolve the issue. As a temporary workaround, consider avoiding the use of mixed text and binary data in a single WebSocket message until the issue is resolved. Restrict access to sensitive information that could be disclosed through this issue until an update can be applied.

Correção

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

ALT-PU-2018-1787

ALT-PU-2018-1854

BDU:2019-03307

CVE-2018-5153

MGASA-2018-0248

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:14572-1

SUSE-SU-2019:2872-1

USN-3645-1

USN-3645-2

Produtos afetados

Alt Linux

Firefox

Suse

Ubuntu

PT-2018-2988 · Mozilla+3 · Firefox+3

CVE-2018-5153

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 1939