FreeBSD23F59689-0152-42D3-9ADE-1658D6380567mozilla -- use-after-free in compositor
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
75.4%
The Mozilla Foundation reports:
CVE-2018-5148: Use-after-free in compositor
A use-after-free vulnerability can occur in the
compositor during certain graphics operations when a raw
pointer is used instead of a reference counted one. This
results in a potentially exploitable crash.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | firefox | < 59.0.2,1 | UNKNOWN |
| FreeBSD | any | noarch | waterfox | < 56.0.4.36_3 | UNKNOWN |
| FreeBSD | any | noarch | seamonkey | < 2.49.3 | UNKNOWN |
| FreeBSD | any | noarch | linux-seamonkey | < 2.49.3 | UNKNOWN |
| FreeBSD | any | noarch | firefox-esr | < 52.7.3,1 | UNKNOWN |
| FreeBSD | any | noarch | linux-firefox | < 52.7.3,2 | UNKNOWN |
| FreeBSD | any | noarch | libxul | < 52.7.3 | UNKNOWN |
| FreeBSD | any | noarch | linux-thunderbird | < 52.7.1 | UNKNOWN |
| FreeBSD | any | noarch | thunderbird | < 52.7.0_1 | UNKNOWN |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
75.4%