CVE-2018-5163

If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then runs this replaced code, the executed script would be run with the parent process' privileges, escaping the sandbox on content processes. This vulnerability affects Firefox < 60.

CVSS v3.0 8.1 HIGH
CVSS v2.0 5.1 MEDIUM

8.1^/10

CVSS v3.0 : HIGH

V3 Legend

Vector : AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

5.1^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.mozilla.org/security/advisories/mfsa2018-11/	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1426353	Issue Tracking Permissions Required Vendor Advisory
https://usn.ubuntu.com/3645-1/	Third Party Advisory
http://www.securitytracker.com/id/1040896	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/104139	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

Configuration 2 (hide)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Information

Published : 2018-06-11 14:29

Updated : 2019-10-02 17:03

NVD link : CVE-2018-5163

Mitre link : CVE-2018-5163

JSON object : View

CWE

CWE-281

Improper Preservation of Permissions

Products Affected

mozilla

firefox

canonical

ubuntu_linux

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.mozilla.org/security/advisories/mfsa2018-11/", "name": "https://www.mozilla.org/security/advisories/mfsa2018-11/", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1426353", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1426353", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://usn.ubuntu.com/3645-1/", "name": "USN-3645-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://www.securitytracker.com/id/1040896", "name": "1040896", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/104139", "name": "104139", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then runs this replaced code, the executed script would be run with the parent process' privileges, escaping the sandbox on content processes. This vulnerability affects Firefox < 60."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-281"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2018-5163", "ASSIGNER": "security@mozilla.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}}, "publishedDate": "2018-06-11T21:29Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "60.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-10-03T00:03Z"}

8.1 /10