ByteOS Network

Vulnerability Details :

CVE-2018-5129

Assigner Org ID-f16b083a-5664-49f3-a51e-8d479e5ed7fe

Published At-11 Jun, 2018 | 21:00

Updated At-05 Aug, 2024 | 05:26

A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mozilla

Assigner Org ID:f16b083a-5664-49f3-a51e-8d479e5ed7fe

Published At:11 Jun, 2018 | 21:00

Updated At:05 Aug, 2024 | 05:26

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

Mozilla Corporation

Product

Thunderbird

Versions

Affected

From unspecified before 52.7 (custom)

Vendor

Mozilla Corporation

Product

Firefox ESR

Versions

Affected

From unspecified before 52.7 (custom)

Vendor

Mozilla Corporation

Product

Firefox

Versions

Affected

From unspecified before 59 (custom)

Problem Types

Type	CWE ID	Description
text	N/A	Out-of-bounds write with malformed IPC messages

Type: text

CWE ID: N/A

Description: Out-of-bounds write with malformed IPC messages

References

Hyperlink	Resource
https://www.debian.org/security/2018/dsa-4139	vendor-advisory x_refsource_DEBIAN
https://security.gentoo.org/glsa/201810-01	vendor-advisory x_refsource_GENTOO
http://www.securityfocus.com/bid/103388	vdb-entry x_refsource_BID
https://security.gentoo.org/glsa/201811-13	vendor-advisory x_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2018:0527	vendor-advisory x_refsource_REDHAT
https://usn.ubuntu.com/3545-1/	vendor-advisory x_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html	mailing-list x_refsource_MLIST
https://www.mozilla.org/security/advisories/mfsa2018-09/	x_refsource_CONFIRM
https://www.mozilla.org/security/advisories/mfsa2018-07/	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:0526	vendor-advisory x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html	mailing-list x_refsource_MLIST
https://www.debian.org/security/2018/dsa-4155	vendor-advisory x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0648	vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0647	vendor-advisory x_refsource_REDHAT
http://www.securitytracker.com/id/1040514	vdb-entry x_refsource_SECTRACK
https://usn.ubuntu.com/3596-1/	vendor-advisory x_refsource_UBUNTU
https://www.mozilla.org/security/advisories/mfsa2018-06/	x_refsource_CONFIRM
https://bugzilla.mozilla.org/show_bug.cgi?id=1428947	x_refsource_CONFIRM

Hyperlink: https://www.debian.org/security/2018/dsa-4139

Resource:

vendor-advisory

x_refsource_DEBIAN

Hyperlink: https://security.gentoo.org/glsa/201810-01

Resource:

vendor-advisory

x_refsource_GENTOO

Hyperlink: http://www.securityfocus.com/bid/103388

Resource:

vdb-entry

x_refsource_BID

Hyperlink: https://security.gentoo.org/glsa/201811-13

Resource:

vendor-advisory

x_refsource_GENTOO

Hyperlink: https://access.redhat.com/errata/RHSA-2018:0527

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://usn.ubuntu.com/3545-1/

Resource:

vendor-advisory

x_refsource_UBUNTU

Hyperlink: https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: https://www.mozilla.org/security/advisories/mfsa2018-09/

Resource:

x_refsource_CONFIRM

Hyperlink: https://www.mozilla.org/security/advisories/mfsa2018-07/

Resource:

x_refsource_CONFIRM

Hyperlink: https://access.redhat.com/errata/RHSA-2018:0526

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: https://www.debian.org/security/2018/dsa-4155

Resource:

vendor-advisory

x_refsource_DEBIAN

Hyperlink: https://access.redhat.com/errata/RHSA-2018:0648

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://access.redhat.com/errata/RHSA-2018:0647

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: http://www.securitytracker.com/id/1040514

Resource:

vdb-entry

x_refsource_SECTRACK

Hyperlink: https://usn.ubuntu.com/3596-1/

Resource:

vendor-advisory

x_refsource_UBUNTU

Hyperlink: https://www.mozilla.org/security/advisories/mfsa2018-06/

Resource:

x_refsource_CONFIRM

Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1428947

Resource:

x_refsource_CONFIRM

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://www.debian.org/security/2018/dsa-4139	vendor-advisory x_refsource_DEBIAN x_transferred
https://security.gentoo.org/glsa/201810-01	vendor-advisory x_refsource_GENTOO x_transferred
http://www.securityfocus.com/bid/103388	vdb-entry x_refsource_BID x_transferred
https://security.gentoo.org/glsa/201811-13	vendor-advisory x_refsource_GENTOO x_transferred
https://access.redhat.com/errata/RHSA-2018:0527	vendor-advisory x_refsource_REDHAT x_transferred
https://usn.ubuntu.com/3545-1/	vendor-advisory x_refsource_UBUNTU x_transferred
https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html	mailing-list x_refsource_MLIST x_transferred
https://www.mozilla.org/security/advisories/mfsa2018-09/	x_refsource_CONFIRM x_transferred
https://www.mozilla.org/security/advisories/mfsa2018-07/	x_refsource_CONFIRM x_transferred
https://access.redhat.com/errata/RHSA-2018:0526	vendor-advisory x_refsource_REDHAT x_transferred
https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html	mailing-list x_refsource_MLIST x_transferred
https://www.debian.org/security/2018/dsa-4155	vendor-advisory x_refsource_DEBIAN x_transferred
https://access.redhat.com/errata/RHSA-2018:0648	vendor-advisory x_refsource_REDHAT x_transferred
https://access.redhat.com/errata/RHSA-2018:0647	vendor-advisory x_refsource_REDHAT x_transferred
http://www.securitytracker.com/id/1040514	vdb-entry x_refsource_SECTRACK x_transferred
https://usn.ubuntu.com/3596-1/	vendor-advisory x_refsource_UBUNTU x_transferred
https://www.mozilla.org/security/advisories/mfsa2018-06/	x_refsource_CONFIRM x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=1428947	x_refsource_CONFIRM x_transferred

Hyperlink: https://www.debian.org/security/2018/dsa-4139

Resource:

vendor-advisory

x_refsource_DEBIAN

x_transferred

Hyperlink: https://security.gentoo.org/glsa/201810-01

Resource:

vendor-advisory

x_refsource_GENTOO

x_transferred

Hyperlink: http://www.securityfocus.com/bid/103388

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: https://security.gentoo.org/glsa/201811-13

Resource:

vendor-advisory

x_refsource_GENTOO

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2018:0527

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: https://usn.ubuntu.com/3545-1/

Resource:

vendor-advisory

x_refsource_UBUNTU

x_transferred

Hyperlink: https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: https://www.mozilla.org/security/advisories/mfsa2018-09/

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://www.mozilla.org/security/advisories/mfsa2018-07/

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2018:0526

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: https://www.debian.org/security/2018/dsa-4155

Resource:

vendor-advisory

x_refsource_DEBIAN

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2018:0648

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2018:0647

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: http://www.securitytracker.com/id/1040514

Resource:

vdb-entry

x_refsource_SECTRACK

x_transferred

Hyperlink: https://usn.ubuntu.com/3596-1/

Resource:

vendor-advisory

x_refsource_UBUNTU

x_transferred

Hyperlink: https://www.mozilla.org/security/advisories/mfsa2018-06/

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1428947

Resource:

x_refsource_CONFIRM

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:security@mozilla.org

Published At:11 Jun, 2018 | 21:29

Updated At:25 Nov, 2025 | 17:50

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	8.6	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N

Type: Primary

Version: 3.0

Base score: 8.6

Base severity: HIGH

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:N/I:P/A:N

CPE Matches

Debian GNU/Linux

>>debian_linux>>7.0

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Debian GNU/Linux

>>debian_linux>>8.0

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Debian GNU/Linux

>>debian_linux>>9.0

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>Versions before 59.0(exclusive)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>Versions before 52.7.0(exclusive)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_desktop>>6.0

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_desktop>>7.0

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server>>6.0

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server>>7.0

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_aus>>7.4

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_eus>>7.4

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_eus>>7.5

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_workstation>>6.0

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_workstation>>7.0

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Canonical Ltd.

>>ubuntu_linux>>14.04

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

Canonical Ltd.

>>ubuntu_linux>>16.04

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

Canonical Ltd.

>>ubuntu_linux>>17.10

cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

Mozilla Corporation

>>thunderbird>>Versions before 52.7.0(exclusive)

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-787	Primary	nvd@nist.gov

CWE ID: CWE-787

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/103388	security@mozilla.org	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040514	security@mozilla.org	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:0526	security@mozilla.org	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0527	security@mozilla.org	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0647	security@mozilla.org	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0648	security@mozilla.org	Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1428947	security@mozilla.org	Issue Tracking Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html	security@mozilla.org	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html	security@mozilla.org	Third Party Advisory
https://security.gentoo.org/glsa/201810-01	security@mozilla.org	Third Party Advisory
https://security.gentoo.org/glsa/201811-13	security@mozilla.org	Third Party Advisory
https://usn.ubuntu.com/3545-1/	security@mozilla.org	Third Party Advisory
https://usn.ubuntu.com/3596-1/	security@mozilla.org	Third Party Advisory
https://www.debian.org/security/2018/dsa-4139	security@mozilla.org	Third Party Advisory
https://www.debian.org/security/2018/dsa-4155	security@mozilla.org	Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2018-06/	security@mozilla.org	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-07/	security@mozilla.org	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-09/	security@mozilla.org	Vendor Advisory
http://www.securityfocus.com/bid/103388	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040514	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:0526	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0527	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0647	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0648	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1428947	af854a3a-2127-422b-91ae-364da2661108	Issue Tracking Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://security.gentoo.org/glsa/201810-01	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://security.gentoo.org/glsa/201811-13	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://usn.ubuntu.com/3545-1/	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://usn.ubuntu.com/3596-1/	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://www.debian.org/security/2018/dsa-4139	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://www.debian.org/security/2018/dsa-4155	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2018-06/	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-07/	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-09/	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory

Hyperlink: http://www.securityfocus.com/bid/103388

Source: security@mozilla.org

Resource:

Third Party Advisory

VDB Entry

Hyperlink: http://www.securitytracker.com/id/1040514

Source: security@mozilla.org

Resource:

Third Party Advisory

VDB Entry

Hyperlink: https://access.redhat.com/errata/RHSA-2018:0526

Source: security@mozilla.org

Resource:

Third Party Advisory

Hyperlink: https://access.redhat.com/errata/RHSA-2018:0527

Source: security@mozilla.org

Resource:

Third Party Advisory

Hyperlink: https://access.redhat.com/errata/RHSA-2018:0647

Source: security@mozilla.org

Resource:

Third Party Advisory

Hyperlink: https://access.redhat.com/errata/RHSA-2018:0648

Source: security@mozilla.org

Resource:

Third Party Advisory

Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1428947

Source: security@mozilla.org

Resource:

Issue Tracking

Third Party Advisory

Hyperlink: https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html

Source: security@mozilla.org

Resource:

Third Party Advisory

Hyperlink: https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html

Source: security@mozilla.org

Resource:

Third Party Advisory

Hyperlink: https://security.gentoo.org/glsa/201810-01

Source: security@mozilla.org

Resource:

Third Party Advisory

Hyperlink: https://security.gentoo.org/glsa/201811-13

Source: security@mozilla.org

Resource:

Third Party Advisory

Hyperlink: https://usn.ubuntu.com/3545-1/

Source: security@mozilla.org

Resource:

Third Party Advisory

Hyperlink: https://usn.ubuntu.com/3596-1/

Source: security@mozilla.org

Resource:

Third Party Advisory

Hyperlink: https://www.debian.org/security/2018/dsa-4139

Source: security@mozilla.org

Resource:

Third Party Advisory

Hyperlink: https://www.debian.org/security/2018/dsa-4155

Source: security@mozilla.org

Resource:

Third Party Advisory

Hyperlink: https://www.mozilla.org/security/advisories/mfsa2018-06/

Source: security@mozilla.org

Resource:

Vendor Advisory

Hyperlink: https://www.mozilla.org/security/advisories/mfsa2018-07/

Source: security@mozilla.org

Resource:

Vendor Advisory

Hyperlink: https://www.mozilla.org/security/advisories/mfsa2018-09/

Source: security@mozilla.org

Resource:

Vendor Advisory

Hyperlink: http://www.securityfocus.com/bid/103388