CVE-2018-5156: A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being…

critical9.8CVSS 3.0

AVNACLPRNUINSUCHIHAH

A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

Affected

37 ranges· showing 25

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	firefox	< firefox 61.0-1 (sid)	firefox 61.0-1 (sid)
debian	firefox-esr	< firefox 61.0-1 (sid)	firefox 61.0-1 (sid)
debian	thunderbird	< firefox 61.0-1 (sid)	firefox 61.0-1 (sid)
mozilla	firefox	< 52.9.0	52.9.0
mozilla	firefox	< 61.0	61.0
mozilla	firefox	>= 0 < 61.0.1+build1-0ubuntu0.14.04.1	61.0.1+build1-0ubuntu0.14.04.1
mozilla	firefox	>= 0 < 61.0+build3-0ubuntu0.14.04.2	61.0+build3-0ubuntu0.14.04.2
mozilla	firefox	>= 0 < 61.0.1+build1-0ubuntu0.16.04.1	61.0.1+build1-0ubuntu0.16.04.1
mozilla	firefox	>= 0 < 61.0+build3-0ubuntu0.16.04.2	61.0+build3-0ubuntu0.16.04.2
mozilla	firefox	>= 0 < 61.0.1+build1-0ubuntu0.18.04.1	61.0.1+build1-0ubuntu0.18.04.1
mozilla	firefox	>= 0 < 61.0+build3-0ubuntu0.18.04.1	61.0+build3-0ubuntu0.18.04.1
mozilla	firefox	>= 52.9.1 < 60.1.0	60.1.0
mozilla	firefox	>= unspecified < 61	61
mozilla	firefox_esr	>= unspecified < 60.1	60.1
mozilla	firefox_esr	>= unspecified < 52.9	52.9
mozilla	thunderbird	< 60.0	60.0
mozilla	thunderbird	>= 0 < 1:60.0-1	1:60.0-1
mozilla	thunderbird	>= 0 < 1:60.0-1	1:60.0-1
mozilla	thunderbird	>= 0 < 1:60.0-1	1:60.0-1

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

osv9.8CRITICAL