CVE-2018-5146
high-risk
Published 2018-06-11
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.
Do I need to act?
!
44.8% chance of exploitation in next 30 days
EPSS score — higher than 55% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (20)
References (40)
Third Party Advisory
http://www.securityfocus.com/bid/103432
Third Party Advisory
http://www.securitytracker.com/id/1040544
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0549
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0647
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0648
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0649
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1058
Issue Tracking
https://bugzilla.mozilla.org/show_bug.cgi?id=1446062
Third Party Advisory
https://security.gentoo.org/glsa/201811-13
Third Party Advisory
https://usn.ubuntu.com/3545-1/
Third Party Advisory
https://usn.ubuntu.com/3599-1/
Third Party Advisory
https://usn.ubuntu.com/3604-1/
Third Party Advisory
https://www.debian.org/security/2018/dsa-4140
Third Party Advisory
https://www.debian.org/security/2018/dsa-4143
Third Party Advisory
https://www.debian.org/security/2018/dsa-4155
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-08/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-09/
and 20 more references
67
/ 100
high-risk
Severity
30/34 · Critical
Exploitability
17/34 · Moderate
Exposure
20/34 · Moderate