CVE-2018-5146 Information

Description

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox 59.0.1 Firefox ESR 52.7.2 and Thunderbird 52.7.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/103432 http://www.securitytracker.com/id/1040544 https://access.redhat.com/errata/RHSA-2018:0549 https://access.redhat.com/errata/RHSA-2018:0647 https://access.redhat.com/errata/RHSA-2018:0648 https://access.redhat.com/errata/RHSA-2018:0649 https://access.redhat.com/errata/RHSA-2018:1058 https://bugzilla.mozilla.org/show_bug.cgi?id=1446062 https://lists.debian.org/debian-lts-announce/2018/03/msg00022.html https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html https://lists.debian.org/debian-lts-announce/2018/04/msg00033.html https://security.gentoo.org/glsa/201811-13 https://usn.ubuntu.com/3545-1/ https://usn.ubuntu.com/3599-1/ https://usn.ubuntu.com/3604-1/ https://www.debian.org/security/2018/dsa-4140 https://www.debian.org/security/2018/dsa-4143 https://www.debian.org/security/2018/dsa-4155 https://www.mozilla.org/security/advisories/mfsa2018-08/ https://www.mozilla.org/security/advisories/mfsa2018-09/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8