CVE-2018-5163

Description

If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then runs this replaced code, the executed script would be run with the parent process privileges, escaping the sandbox on content processes. This vulnerability affects Firefox < 60.

Risk Information

Base Score

8.1

MODERATE

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

1.98

Associated Vulnerability

Vulnerability	OS Platform
Updates for Mozilla Firefox (60.0)	Windows
Updates for Mozilla Firefox (x64) (60.0)	Windows
Updates for Mozilla Firefox (60.0.1)	Windows
Updates for Mozilla Firefox (x64) (60.0.1)	Windows
Updates for Mozilla Firefox (60.0.2)	Windows
Updates for Mozilla Firefox (x64) (60.0.2)	Windows
Updates for Mozilla Firefox ESR (60.0.2)	Windows
Updates for Mozilla Firefox ESR (x64) (60.0.2)	Windows
Mozilla Firefox ESR (60.1.0)	Windows
Mozilla Firefox ESR (x64) (60.1.0)	Windows
Mozilla Firefox ESR (60.2.0)	Windows
Mozilla Firefox ESR (x64) (60.2.0)	Windows
Mozilla Firefox ESR (60.2.1)	Windows
Mozilla Firefox ESR (x64) (60.2.1)	Windows
Mozilla Firefox ESR (60.2.2)	Windows
Mozilla Firefox ESR (x64) (60.2.2)	Windows
Mozilla Firefox ESR (60.3.0)	Windows
Mozilla Firefox ESR (x64) (60.3.0)	Windows
Mozilla Firefox ESR (60.5.0)	Windows
Mozilla Firefox ESR (60.5.1)	Windows
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (60.0)	Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (60.0.1)	Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (60.0.2)	Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 60	Mac
SUSE-SU-2019:2872-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-68.2.0-109.95.2.x86_64.rpm	Linux
SUSE-SU-2019:2872-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-debuginfo-68.2.0-109.95.2.x86_64.rpm	Linux
SUSE-SU-2019:2872-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-debugsource-68.2.0-109.95.2.x86_64.rpm	Linux
SUSE-SU-2019:2872-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-translations-common-68.2.0-109.95.2.x86_64.rpm	Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-307502	Updates for Mozilla Firefox (60.0)
PATCH-307506	Updates for Mozilla Firefox (x64) (60.0)
PATCH-307537	Updates for Mozilla Firefox (60.0.1)
PATCH-307542	Updates for Mozilla Firefox (x64) (60.0.1)
PATCH-307642	Updates for Mozilla Firefox (60.0.2)
PATCH-307646	Updates for Mozilla Firefox (x64) (60.0.2)
PATCH-307736	Updates for Mozilla Firefox ESR (60.0.2)
PATCH-307744	Updates for Mozilla Firefox ESR (x64) (60.0.2)
PATCH-307747	Mozilla Firefox ESR (60.1.0)
PATCH-307748	Mozilla Firefox ESR (x64) (60.1.0)
PATCH-308027	Mozilla Firefox ESR (60.2.0)
PATCH-308035	Mozilla Firefox ESR (x64) (60.2.0)
PATCH-308123	Mozilla Firefox ESR (60.2.1)
PATCH-308125	Mozilla Firefox ESR (x64) (60.2.1)
PATCH-308181	Mozilla Firefox ESR (60.2.2)
PATCH-308183	Mozilla Firefox ESR (x64) (60.2.2)
PATCH-308289	Mozilla Firefox ESR (60.3.0)
PATCH-308293	Mozilla Firefox ESR (x64) (60.3.0)
PATCH-308876	Mozilla Firefox ESR (60.5.0)
PATCH-308982	Mozilla Firefox ESR (60.5.1)
PATCH-607000	Mozilla Firefox For Mac (124.0)
PATCH-607000	Mozilla Firefox For Mac (124.0)
PATCH-607000	Mozilla Firefox For Mac (124.0)
PATCH-611870	Mozilla Firefox For Mac (142.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234