PT-2018-3594 · Mozilla+5 · Firefox Esr+7

Nils

·

Published

2018-01-15

·

Updated

2024-12-12

·

CVE-2018-5127

CVSS v2.0

9.3

High

VectorAV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 52.7 Firefox ESR versions prior to 52.7 Firefox versions prior to 59
Description A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script, resulting in a potentially exploitable crash. The issue is related to the implementation of the animatedPathSegList property in the SVG markup language, which can cause a buffer data boundary overflow. This can allow a remote attacker to cause a denial of service.
Recommendations For Thunderbird versions prior to 52.7, update to version 52.7 or later. For Firefox ESR versions prior to 52.7, update to version 52.7 or later. For Firefox versions prior to 59, update to version 59 or later.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2018-1481
ALT-PU-2018-1502
ALT-PU-2018-1854
BDU:2021-00392
CESA-2018_0526
CESA-2018_0527
CESA-2018_0647
CESA-2018_0648
CVE-2018-5127
DLA-1308-1
DLA-1327-1
DSA-4139-1
DSA-4155-1
MGASA-2018-0202
MGASA-2018-0203
MGASA-2018-0207
MGASA-2018-0338
OPENSUSE-SU-2018:0818-1
OPENSUSE-SU-2018:0819-1
OPENSUSE-SU-2018_0681-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2018:0526
RHSA-2018:0527
RHSA-2018:0647
RHSA-2018:0648
RHSA-2018_0526
RHSA-2018_0527
RHSA-2018_0647
RHSA-2018_0648
SUSE-SU-2018:0850-1
SUSE-SU-2018:0907-1
USN-3545-1
USN-3596-1
USN-3596-2

Affected Products

Alt Linux
Centos
Firefox
Firefox Esr
Red Hat
Suse
Thunderbird
Ubuntu