1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Mozilla Firefox CVE-2018-18500 Activity

Web Attack: Mozilla Firefox CVE-2018-18500 Activity

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects the attempt to execute arbitrary code in the context of the browser, gain elevated privileges, or cause denial-of-service conditions.

Additional Information

Firefox is a browser and available for multiple platforms.

Mozilla Firefox is prone to the following security vulnerabilities:

1. A use-after-free denial-of-service vulnerability that occurs when handling a specially-crafted HTML5 stream. An attacker can exploit this issue to free stream parser object. [CVE-2018-18500]

2. A privilege-escalation vulnerability that occurs due to insufficient authentication during the communication between IPC endpoints and server parents. An attacker can exploit this issue escape sandbox by using specially-crafted messages in the listener process. [CVE-2018-18505]

3. Multiple security vulnerabilities. Specifically, these issues occur because of memory safety bugs. [CVE-2018-18501]

Attackers can exploit these issues to execute arbitrary code in the context of the browser, gain elevated privileges; or cause denial-of-service conditions.

Affected

  • Thunderbird before 60.5, Firefox ESR before 60.5, and Firefox before 65
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube