CVE-2018-18503 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents5 sources

Severity

8.8HIGHNVD

OSV9.8

EPSS

2.0%

top 16.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox Canonical Ubuntu Linux

Timeline

PublishedFeb 5

Latest updateMay 14

Description

When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations. This vulnerability affects Firefox < 65.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/firefox< firefox 65.0-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 65

▶NVDmozilla/firefox< 65.0

▶Ubuntumozilla/firefox< 65.0+build2-0ubuntu0.14.04.1+2

Also affects: Ubuntu Linux 14.04, 16.04, 18.04, 18.10

🔴Vulnerability Details

GHSA

GHSA-cgpr-293c-5r54: When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some↗2022-05-14

▶

OSV

firefox vulnerabilities↗2019-01-30

▶

OSV

CVE-2018-18503: When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some↗2019-01-30

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2019-01-30

▶

Debian

CVE-2018-18503: firefox - When JavaScript is used to create and manipulate an audio buffer, a potentially ...↗2018

▶