CVE-2018-5159

EPSS 21.3%

An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.

Affected products

Mozilla · Firefox Mozilla · Firefox ESR Mozilla · Thunderbird Mozilla · Thunderbird ESR

public PoCs found — 2

cve_referencewww.exploit-db.com/exploits/44759/unverified exploitdbwww.exploit-db.com/exploits/44759unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://access.redhat.com/errata/RHSA-2018:1414 https://access.redhat.com/errata/RHSA-2018:1415 https://access.redhat.com/errata/RHSA-2018:1725 https://access.redhat.com/errata/RHSA-2018:1726 https://bugzilla.mozilla.org/show_bug.cgi?id=1441941 https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html https://security.gentoo.org/glsa/201810-01 https://security.gentoo.org/glsa/201811-13 https://usn.ubuntu.com/3645-1/https://usn.ubuntu.com/3660-1/https://www.debian.org/security/2018/dsa-4199