PT-2018-2995 · Mozilla+3 · Firefox+3

Nicolas B. Pierron

·

Published

2018-05-09

·

Updated

2024-12-12

·

CVE-2018-5163

CVSS v3.1

8.1

High

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 60 Firefox ESR (affected versions not specified)
Description The issue is related to errors in privilege management. It may allow a remote attacker to elevate their privileges and execute arbitrary code. If an attacker has already gained control over a content process using another vulnerability, they may be able to replace JavaScript code in the JavaScript Start-up Bytecode Cache (JSBC), potentially escaping the sandbox and executing scripts with elevated privileges.
Recommendations For Firefox versions prior to 60, update to version 60 or later to resolve the issue. For Firefox ESR, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Preservation of Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-264CWE-281

Related Identifiers

ALT-PU-2018-1787
ALT-PU-2018-1854
BDU:2019-03314
CVE-2018-5163
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:14572-1
SUSE-SU-2019:2872-1
USN-3645-1
USN-3645-2

Affected Products

Alt Linux
Firefox
Suse
Ubuntu