Vulnerability Details : CVE-2018-5130
When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.
Vulnerability category: Input validation
Exploit prediction scoring system (EPSS) score for CVE-2018-5130
Probability of exploitation activity in the next 30 days: 1.46%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 85 %
CVSS scores for CVE-2018-5130
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | [email protected] |
8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 | [email protected] |
CWE ids for CVE-2018-5130
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: [email protected] (Primary)
References for CVE-2018-5130
- https://usn.ubuntu.com/3596-1/ (Third Party Advisory)
- http://www.securitytracker.com/id/1040514 (Third Party Advisory; VDB Entry)
- https://www.mozilla.org/security/advisories/mfsa2018-06/ (Vendor Advisory)
- https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html (Mailing List; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2018:0526 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2018:0527 (Third Party Advisory)
- https://security.gentoo.org/glsa/201810-01 (Third Party Advisory)
- http://www.securityfocus.com/bid/103388 (Third Party Advisory; VDB Entry)
- https://www.mozilla.org/security/advisories/mfsa2018-07/ (Vendor Advisory)
- https://bugzilla.mozilla.org/show_bug.cgi?id=1433005 (Issue Tracking; Permissions Required)
- https://www.debian.org/security/2018/dsa-4139 (Third Party Advisory)
Products affected by CVE-2018-5130
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*