CVE-2018-5156
Vulnerability Summary
Timeline
Description
A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
CVSS Metrics
- v3.0•CRITICAL•Score: 9.8CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- v2.0•HIGH•Score: 7.5AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS Trends
Current EPSS score: 2.95%• Percentile: 87%
Techniques & Countermeasures
- CWE-20•Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Affected Systems
- canonical•ubuntu_linux
14.04 | 16.04 | 17.10 | 18.04
- debian•debian_linux
8.0 | 9.0
- mozilla•firefox
< 52.9.0 | < 61.0 | ≥ 52.9.1, < 60.1.0 | ≥ unspecified, < 61
- mozilla•firefox_esr
≥ unspecified, < 60.1 | ≥ unspecified, < 52.9
- mozilla•thunderbird
< 60.0 | ≥ unspecified, < 60
- redhat•enterprise_linux_desktop
6.0 | 7.0
- redhat•enterprise_linux_server
6.0 | 7.0
- redhat•enterprise_linux_server_aus
7.6
- redhat•enterprise_linux_server_eus
7.5 | 7.6
- redhat•enterprise_linux_server_tus
7.6
- redhat•enterprise_linux_workstation
6.0 | 7.0
References (16)
- https://security.gentoo.org/glsa/201810-01
- https://www.mozilla.org/security/advisories/mfsa2018-15/
- https://access.redhat.com/errata/RHSA-2018:2112
- https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html
- https://security.gentoo.org/glsa/201811-13
- https://bugzilla.mozilla.org/show_bug.cgi?id=1453127
- https://www.debian.org/security/2018/dsa-4235
- https://www.debian.org/security/2018/dsa-4295
- https://access.redhat.com/errata/RHSA-2018:2113
- https://www.mozilla.org/security/advisories/mfsa2018-16/
- http://www.securityfocus.com/bid/104560
- http://www.securitytracker.com/id/1041193
- https://www.mozilla.org/security/advisories/mfsa2018-19/
- https://www.mozilla.org/security/advisories/mfsa2018-17/
- https://usn.ubuntu.com/3705-1/
- https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html