← back
CVE-2018-5160

CVE-2018-5160

EPSS 2.7%
WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use. This can result in the WebRTC encoder using uninitialized memory, leading to a potentially exploitable crash. This vulnerability affects Firefox < 60.
Affected products
Mozilla · Firefox

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.mozilla.org/show_bug.cgi?id=1436117https://usn.ubuntu.com/3645-1/https://www.mozilla.org/security/advisories/mfsa2018-11/http://www.securityfocus.com/bid/104139http://www.securitytracker.com/id/1040896