CVE-2018-5153 — Out-of-bounds Read in Mozilla Firefox

CWE-125 — Out-of-bounds Read CWE-122 — Heap-based Buffer Overflow10 documents7 sources

Severity

7.5HIGHNVD

OSV9.8

EPSS

1.2%

top 20.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox Canonical Ubuntu Linux

Timeline

PublishedJun 11

Latest updateMay 14

Description

If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response. This vulnerability affects Firefox < 60.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/firefox< firefox 60.0-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 60

▶NVDmozilla/firefox< 60.0

▶Ubuntumozilla/firefox< 60.0+build2-0ubuntu0.14.04.1+5

Also affects: Ubuntu Linux 14.04, 16.04, 17.10, 18.04

🔴Vulnerability Details

GHSA

GHSA-qcqg-65g5-53c7: If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted↗2022-05-14

▶

OSV

firefox regression↗2018-05-18

▶

OSV

firefox vulnerabilities↗2018-05-11

▶

OSV

CVE-2018-5153: If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted↗2018-05-11

▶

📋Vendor Advisories

Ubuntu

Firefox regression↗2018-05-18

▶

Ubuntu

Firefox vulnerabilities↗2018-05-11

▶

Red Hat

Mozilla: Out-of-bounds read in mixed content websocket messages↗2018-05-09

▶

Debian

CVE-2018-5153: firefox - If websocket data is sent with mixed text and binary in a single message, the bi...↗2018

▶

💬Community

Bugzilla

CVE-2018-5153 Mozilla: Out-of-bounds read in mixed content websocket messages↗2018-05-09

▶