CVE-2018-5130
published 2018-06-11CVE-2018-5130: When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This…
high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | firefox | < firefox 59.0-1 (sid) | firefox 59.0-1 (sid) |
| debian | firefox-esr | < firefox 59.0-1 (sid) | firefox 59.0-1 (sid) |
| mozilla | firefox | < 52.7.0 | 52.7.0 |
| mozilla | firefox | < 59.0 | 59.0 |
| mozilla | firefox | >= 0 < 59.0+build5-0ubuntu0.14.04.1 | 59.0+build5-0ubuntu0.14.04.1 |
| mozilla | firefox | >= 0 < 59.0.2+build1-0ubuntu0.14.04.4 | 59.0.2+build1-0ubuntu0.14.04.4 |
| mozilla | firefox | >= 0 < 59.0+build5-0ubuntu0.16.04.1 | 59.0+build5-0ubuntu0.16.04.1 |
| mozilla | firefox | >= 0 < 59.0.2+build1-0ubuntu0.16.04.3 | 59.0.2+build1-0ubuntu0.16.04.3 |
| mozilla | firefox | >= unspecified < 59 | 59 |
| mozilla | firefox_esr | >= unspecified < 52.7 | 52.7 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv8.8HIGH