PRIOn knowledge basePRION:CVE-2018-5156Type confusion
A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ubuntu_linux | eq | 16.04 | |
| ubuntu_linux | eq | 14.04 | |
| ubuntu_linux | eq | 17.10 | |
| ubuntu_linux | eq | 18.04 | |
| debian_linux | eq | 8.0 | |
| debian_linux | eq | 9.0 | |
| firefox | lt | 61.0 | |
| firefox_esr | ge | 52.9.1 | |
| firefox_esr | lt | 60.1.0 | |
| firefox_esr | lt | 52.9.0 |
References
www.securityfocus.com/bid/104560
www.securitytracker.com/id/1041193
access.redhat.com/errata/RHSA-2018:2112
access.redhat.com/errata/RHSA-2018:2113
bugzilla.mozilla.org/show_bug.cgi?id=1453127
lists.debian.org/debian-lts-announce/2018/06/msg00014.html
lists.debian.org/debian-lts-announce/2018/11/msg00011.html
security.gentoo.org/glsa/201810-01
security.gentoo.org/glsa/201811-13
usn.ubuntu.com/3705-1/
www.debian.org/security/2018/dsa-4235
www.debian.org/security/2018/dsa-4295
www.mozilla.org/security/advisories/mfsa2018-15/
www.mozilla.org/security/advisories/mfsa2018-16/
www.mozilla.org/security/advisories/mfsa2018-17/
www.mozilla.org/security/advisories/mfsa2018-19/
Related
