CVE-2018-5129

Summary

A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.

Affected Software

VendorProductVersion RangeStatus
MozillaThunderbirdunspecified < 52.7affected
MozillaFirefox ESRunspecified < 52.7affected
MozillaFirefoxunspecified < 59affected

Weaknesses

  • Out-of-bounds write with malformed IPC messages

ADP Enrichment

CVE Program Container

Additional References

References