CVE-2018-5159

Summary

An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.

Affected Software

VendorProductVersion RangeStatus
MozillaThunderbirdunspecified < 52.8affected
MozillaThunderbird ESRunspecified < 52.8affected
MozillaFirefoxunspecified < 60affected
MozillaFirefox ESRunspecified < 52.8affected

Weaknesses

  • Integer overflow and out-of-bounds write in Skia

ADP Enrichment

CVE Program Container

Additional References

References