Lucene search
Richard Zhu (fluorescence)ZDI-18-263HistoryMar 23, 2018 - 12:00 a.m.
(Pwn2Own) Mozilla Firefox libvorbis OGG Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability
2018-03-2300:00:00
Richard Zhu (fluorescence)
www.zerodayinitiative.com
22
0.38 Low
EPSS
Percentile
97.2%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the libvorbis library. A crafted Vorbis audio file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.
Related
nessus
nessus
RHEL 6 / 7 : firefox (RHSA-2018:0549)
2018-03-19 00:00:00
Oracle Linux 7 : libvorbis (ELSA-2018-1058)
2018-04-19 00:00:00
Scientific Linux Security Update : libvorbis on SL6.x i386/x86_64 (20180405)
2018-04-06 00:00:00
debian
debian
[SECURITY] [DSA 4140-1] libvorbis security update
2018-03-16 19:50:51
[SECURITY] [DSA 4140-1] libvorbis security update
2018-03-16 19:50:51
[SECURITY] [DLA 1319-1] firefox-esr security update
2018-03-26 23:05:41
prion
prion
Design/Logic Flaw
2018-06-11 21:29:00
Design/Logic Flaw
2020-12-26 04:15:00
Code injection
2018-06-11 21:29:00
ubuntucve
ubuntucve
CVE-2018-5146
2018-03-16 00:00:00
CVE-2018-5147
2018-06-11 00:00:00
osv
osv
libvorbis - security update
2018-03-16 00:00:00
CVE-2018-5146
2018-06-11 21:29:00
firefox-esr - security update
2018-03-17 00:00:00
openvas
openvas
CentOS Update for libvorbis CESA-2018:1058 centos7
2018-06-05 00:00:00
CentOS Update for libvorbis CESA-2018:0649 centos6
2018-04-10 00:00:00
ibm
ibm
redhat
redhat
(RHSA-2018:0549) Critical: firefox security update
2018-03-19 03:31:41
(RHSA-2018:1058) Important: libvorbis security update
2018-04-10 08:05:03
(RHSA-2018:0649) Important: libvorbis security update
2018-04-05 19:03:13
veracode
veracode
Denial Of Service (DoS) Through Out-of-Bounds Write
2019-01-15 09:22:28
Denial Of Service (DoS) Through Out-of-Bounds Write
2018-04-25 09:40:14
oraclelinux
oraclelinux
libvorbis security update
2018-04-17 00:00:00
firefox security update
2018-03-19 00:00:00
libvorbis security update
2018-04-05 00:00:00
cloudfoundry
cloudfoundry
USN-3604-1: libvorbis vulnerability | Cloud Foundry
2018-05-02 00:00:00
amazon
amazon
Critical: libvorbis
2018-04-05 15:57:00
Critical: libvorbis
2018-03-22 22:02:00
archlinux
archlinux
[ASA-201803-13] firefox: arbitrary code execution
2018-03-18 00:00:00
[ASA-201803-21] lib32-libvorbis: multiple issues
2018-03-19 00:00:00
[ASA-201803-12] libvorbis: multiple issues
2018-03-16 00:00:00
ubuntu
ubuntu
libvorbis vulnerability
2018-03-22 00:00:00
Firefox vulnerability
2018-03-16 00:00:00
Thunderbird vulnerabilities
2018-03-29 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: firefox-59.0.1-1.fc28
2018-03-26 22:32:29
[SECURITY] Fedora 26 Update: libvorbis-1.3.6-1.fc26
2018-03-27 19:31:39
[SECURITY] Fedora 28 Update: libvorbis-1.3.6-1.fc28
2018-03-30 13:35:33
cvelist
cvelist
centos
centos
firefox security update
2018-03-20 16:39:22
libvorbis security update
2018-04-09 23:35:22
libvorbis security update
2018-05-30 18:24:08
cve
cve
mageia
mageia
Updated libvorbis packages fix security vulnerability
2018-03-19 15:13:14
Updated thunderbird packages fix bugs and security vulnerabilities
2018-04-20 20:24:13
Updated thunderbird packages fix security vulnerability
2018-04-15 16:33:47
alpinelinux
alpinelinux
CVE-2018-5146
2018-06-11 21:29:14
android
android
CVE-2018-5146
2018-06-01 00:00:00
redhatcve
redhatcve
CVE-2018-5146
2018-03-16 17:48:59
checkpoint_advisories
checkpoint_advisories
nvd
nvd
debiancve
debiancve
CVE-2018-5146
2018-06-11 21:29:14
CVE-2018-5147
2018-06-11 21:29:14
kaspersky
kaspersky
KLA11595 SB vulnerabilities in Mozilla Firefox ESR
2018-03-16 00:00:00
KLA11594 SB vulnerabilities in Mozilla Firefox
2018-03-16 00:00:00
KLA11229 Multiple vulnerabilities in Mozilla Thunderbird
2018-03-23 00:00:00
mozilla
mozilla
Out of bounds memory write while processing Vorbis audio data — Mozilla
2018-03-16 00:00:00
Security vulnerabilities fixed in Thunderbird 52.7 — Mozilla
2018-03-23 00:00:00
suse
suse
Security update for MozillaFirefox (important)
2018-03-18 15:11:21
freebsd
freebsd
mozilla -- multiple vulnerabilities
2018-03-16 00:00:00
slackware
slackware
[slackware-security] libvorbis
2018-03-18 04:31:27
altlinux
altlinux
Security fix for the ALT Linux 10 package thunderbird version 52.7.0-alt1
2018-03-24 00:00:00
threatpost
threatpost
Google Patches 11 Critical Android Bugs in June Update
2018-06-05 17:30:40
gentoo
gentoo
Mozilla Thunderbird: Multiple vulnerabilities
2018-11-24 00:00:00