PT-2017-3687 · Mozilla+2 · Firefox+2

Looben Yang

Published

2017-11-16

Updated

2024-12-12

CVE-2018-5092

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 58

Description: A use-after-free issue can occur when a Web Worker thread is freed from memory prematurely, instead of from the main thread memory, while cancelling fetch operations. This can potentially lead to a denial of service. The vulnerability is related to the implementation of the Web Worker mechanism in the browser, which can cause an out-of-bounds operation in memory.

Recommendations: For versions prior to 58, update to version 58 or later to resolve the issue.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2018-1178

ALT-PU-2018-1854

BDU:2018-00880

CVE-2018-5092

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:14572-1

USN-3544-1

USN-3544-2

Affected Products

Alt Linux

Firefox

Ubuntu

PT-2017-3687 · Mozilla+2 · Firefox+2

CVE-2018-5092

Weakness Enumeration

Related Identifiers

Affected Products

References · 1910