BROWSER-FIREFOX -- Snort has detected traffic known to exploit vulnerabilities present in the Firefox browser, or products that have the "Gecko" engine (Thunderbird email client, etc.).
BROWSER-FIREFOX Mozilla Firefox Custom Elements write-after-free attempt
A bug exists in Mozilla Firefox Custom Elements where a malicious JavaScript file can cause a write-after-free in the browser. Impact: Attempted User Privilege Gain Details: Ease of Attack:
No information provided
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
CVE-2018-18500A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. |
|