PT-2018-2988 · Mozilla+3 · Firefox+3

Dennis Fuchs

Published

2018-05-09

Updated

2024-12-12

CVE-2018-5153

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 60

Description The issue is caused by an out-of-bounds read in the memory of the Firefox browser's WebSocket component. This can allow a remote attacker to disclose protected information. If WebSocket data is sent with mixed text and binary in a single message, the binary data can be corrupted, resulting in an out-of-bounds read. The read memory can be sent to the originating server in response.

Recommendations For versions prior to 60, update to version 60 or later to resolve the issue. As a temporary workaround, consider avoiding the use of mixed text and binary data in a single WebSocket message until the issue is resolved. Restrict access to sensitive information that could be disclosed through this issue until an update can be applied.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2018-1787

ALT-PU-2018-1854

BDU:2019-03307

CVE-2018-5153

MGASA-2018-0248

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:14572-1

SUSE-SU-2019:2872-1

USN-3645-1

USN-3645-2

Affected Products

Alt Linux

Firefox

Suse

Ubuntu

PT-2018-2988 · Mozilla+3 · Firefox+3

CVE-2018-5153

Weakness Enumeration

Related Identifiers

Affected Products

References · 1939