PT-2017-3685 · Mozilla+2 · Firefox+2

Published: 2017-11-09 · Updated: 2024-12-12 · CVE-2018-5094

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 58
Description: A heap buffer overflow issue may occur in WebAssembly when shrinkElements is called followed by garbage collection on memory that is now uninitialized, resulting in a potentially exploitable crash. The vulnerability can be exploited by a remote attacker to cause a denial of service.
Recommendations: For versions prior to 58, update to version 58 or later to resolve the issue. As a temporary workaround, consider disabling WebAssembly until a patch is available. Restrict access to WebAssembly modules to minimize the risk of exploitation. Avoid using the shrinkElements function in WebAssembly until the issue is resolved.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2018-1178
ALT-PU-2018-1854
BDU:2018-00878
CVE-2018-5094
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:14572-1
USN-3544-1
USN-3544-2

Affected Products

Alt Linux
Firefox
Ubuntu