Home

CVE-2018-5148

Description

A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.7.3 and Firefox < 59.0.2.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.596

Associated Vulnerability

VulnerabilityOS Platform
Vulnerability CVE-2018-5148 are affected in Mozilla Firefox 59.0.1Windows
Vulnerabilities CVE-2018-5148 are fixed in Mozilla Firefox For Mac 59.0.2Mac
Vulnerabilities CVE-2018-5148 are affected in Firefox ESR for Mac 52.7.2Mac
Vulnerabilities CVE-2018-5148 are affected in Mozilla Firefox for Mac 52.7.2Mac
Vulnerabilities CVE-2018-5148 are affected in Mozilla Firefox for Mac 59.0.1Mac
Vulnerabilities CVE-2018-5148 are fixed in Mozilla Firefox For Mac 52.7.3Mac
Mozilla Open Source web browser (USN-3477-3) firefox_59.0.2+build1-0ubuntu0.17.10.1_i386.debLinux
Mozilla Open Source web browser (USN-3609-1) firefox_59.0.2+build1-0ubuntu0.14.04.1_i386.debLinux
Mozilla Open Source web browser (USN-3609-1) firefox_59.0.2+build1-0ubuntu0.14.04.1_amd64.debLinux
Mozilla Open Source web browser (USN-3609-1) firefox_59.0.2+build1-0ubuntu0.16.04.1_i386.debLinux
Mozilla Open Source web browser (USN-3609-1) firefox_59.0.2+build1-0ubuntu0.16.04.1_amd64.debLinux
firefox-esr security update(DSA-4153-1) firefox-esr_52.7.3esr-1~deb8u1_i386.debLinux
firefox-esr security update(DSA-4153-1) firefox-esr_52.7.3esr-1~deb8u1_amd64.debLinux
firefox-esr security update(DSA-4153-1) firefox-esr_52.7.3esr-1~deb9u1_i386.debLinux
firefox-esr security update(DSA-4153-1) firefox-esr_52.7.3esr-1~deb9u1_amd64.debLinux
(RHSA-2018:1098) Important: firefox security update firefox-52.7.3-1.el6_9.i686.rpmLinux
(RHSA-2018:1098) Important: firefox security update firefox-52.7.3-1.el6_9.x86_64.rpmLinux
(RHSA-2018:1099) Important: firefox security update firefox-52.7.3-1.el7_5.i686.rpmLinux
(RHSA-2018:1099) Important: firefox security update firefox-52.7.3-1.el7_5.x86_64.rpmLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-343015Mozilla Firefox (132.0.2)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-612783Mozilla Firefox For Mac (145.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234