If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then runs this replaced code, the executed script would be run with the parent process' privileges, escaping the sandbox on content processes. This vulnerability affects Firefox < 60.
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2018-5163 from the MITRE CVE dictionary dictionary and NIST NVD.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 6.1 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | Required |
| Scope | Changed |
| Confidentiality | Low |
| Integrity Impact | Low |
| Availability Impact | None |
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 7 | thunderbird | Not affected |
| Red Hat Enterprise Linux 7 | firefox | Not affected |
| Red Hat Enterprise Linux 6 | firefox | Not affected |
| Red Hat Enterprise Linux 6 | thunderbird | Not affected |
Vulmon