Think you have a false positive on this rule?

Sid 1-46398

Message

BROWSER-OTHER Mozilla Firefox table object integer underflow

Summary

This event is generated when an integer underflow is detected in Mozilla Firefox.

Impact

Attempted Administrator Privilege Gain

CVE-2018-5093:

CVSS base score 7.5

CVSS impact score 3.6

CVSS exploitability score 3.9

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Detailed information

CVE-2018-5093: A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58.

Affected systems

  • mozilla firefox 57.0.4
  • canonical ubuntu_linux 14.04
  • canonical ubuntu_linux 16.04
  • canonical ubuntu_linux 17.10

Ease of attack

CVE-2018-5093:

Access Vector

Access Complexity

Authentication

False positives

False negatives

Corrective action

Contributors

  • Cisco's Talos Intelligence Group

Additional References