CVE-2018-5178 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox ESR
Severity
8.1HIGHNVD
OSV9.8
EPSS
18.2%
top 4.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 11
Latest updateMay 14
Description
A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9
Affected Packages11 packages
Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, 18.04, Enterprise Linux 7.6, 7.5
🔴Vulnerability Details
4GHSA▶
GHSA-2fp8-wvjf-2gv9: A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data↗2022-05-14
OSV▶
CVE-2018-5178: A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data↗2018-06-11
CVEList▶
CVE-2018-5178: A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data↗2018-06-11
📋Vendor Advisories
3💬Community
1Bugzilla▶
CVE-2018-5178 Mozilla: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension↗2018-05-09