CVE-2018-18510Exposed Dangerous Method or Function in Mozilla Firefox

CWE-749Exposed Dangerous Method or Function7 documents6 sources
Severity
6.5MEDIUMNVD
EPSS
0.4%
top 38.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxDebian Firefox
Timeline
PublishedApr 26
Latest updateMay 24

Description

The about:crashcontent and about:crashparent pages can be triggered by web content. These pages are used to crash the loaded page or the browser for test purposes. This issue allows for a non-persistent denial of service (DOS) attack by a malicious site which links to these pages. This vulnerability affects Firefox < 64.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

debiandebian/firefox< firefox 64.0-1 (sid)
CVEListV5mozilla/firefoxunspecified64
NVDmozilla/firefox< 64.0
Ubuntumozilla/firefox< 64.0+build3-0ubuntu0.16.04.1+1

🔴Vulnerability Details

2
GHSA
GHSA-pphh-8m7v-77cf: The about:crashcontent and about:crashparent pages can be triggered by web content2022-05-24
OSV
CVE-2018-18510: The about:crashcontent and about:crashparent pages can be triggered by web content2019-04-26

📋Vendor Advisories

2
Red Hat
firefox: The about:crashcontent and about:crashparent pages can be triggered by web content allowing for a non-persistent DoS attack.2018-11-16
Debian
CVE-2018-18510: firefox - The about:crashcontent and about:crashparent pages can be triggered by web conte...2018

💬Community

2
Bugzilla
CVE-2018-18510 firefox: The about:crashcontent and about:crashparent pages can be triggered by web content allowing for a non-persistent DoS attack.2019-04-29
Bugzilla
"about:crashcontent" and "about:crashparent" can be triggered from web content2018-11-16