Home > Vulnerability Database > CVE-2018-5163

Mend.io Vulnerability Database

CVE-2018-5163

Date: June 11, 2018

If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then runs this replaced code, the executed script would be run with the parent process' privileges, escaping the sandbox on content processes. This vulnerability affects Firefox < 60.

Language: Unix

Severity Score

8.1

Related Resources (8)

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-5163

Url: http://www.securitytracker.com/id/1040896

Url: https://www.mozilla.org/security/advisories/mfsa2018-11/

Url: https://usn.ubuntu.com/3645-1/

Url: http://www.securityfocus.com/bid/104139

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1426353

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2018-5163

Url: https://www.mend.io/vulnerability-database/CVE-2018-5163

Severity Score

8.1

Weakness Type (CWE)

Improper Preservation of Permissions

CWE-281

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	5.1
Access Vector (AV):	NETWORK
Access Complexity (AC):	HIGH
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-5163

Date: June 11, 2018

Language: Unix

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?