Bird_banner_small4
Mozilla Firefox WebAssembly Table Integer Underflow
TSL ID TSL20180124-10
CVE ID(s) CVE-2018-5093
Severity High
Description

An integer underflow vulnerability has been reported in WebAssembly components of Mozilla Firefox. The vulnerability is due to insufficient validation during access of a Table object element.

A remote attacker could exploit these vulnerabilities by enticing a user to open a maliciously crafted webpage. Successful exploitation of the vulnerabilities could lead to remote code execution.

The vendor, Mozilla, has issued advisories and updates:

https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/

Affected Products
  • Mozilla Foundation Firefox prior to 58.0
  • Mozilla Foundation Firefox ESR prior to 52.6
CVSS Score Base 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):
  • Access vector is NETWORK
  • Access complexity is MEDIUM
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is PARTIAL
  • Impact of this vulnerability on data integrity is PARTIAL
  • Impact of this vulnerability on data availability is PARTIAL
Temporal 5.0 (E:U/RL:OF/RC:C):
  • The exploitability level of this vulnerability is UNPROVEN
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED
References https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5093
Related Threats