CVE-2018-5153

Summary

If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response. This vulnerability affects Firefox < 60.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 60affected

Weaknesses

  • Out-of-bounds read in mixed content websocket messages

ADP Enrichment

CVE Program Container

Additional References

References