#VU10971 Integer overflow in Firefox ESR - CVE-2018-5144
Published: March 13, 2018
Vulnerability identifier: #VU10971
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-5144
CWE-ID: CWE-190
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Firefox ESR
Firefox ESR
Software vendor:
Mozilla
Mozilla
Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to integer overflow during conversion of text to some Unicode character sets. A remote attacker can supply unchecked length parameter, trigger overflow and cause the service to crash.
The weakness exists due to integer overflow during conversion of text to some Unicode character sets. A remote attacker can supply unchecked length parameter, trigger overflow and cause the service to crash.
Remediation
Update to version ESR 52.7.