High severity8.1NVD Advisory· Published Jun 11, 2018· Updated Jun 17, 2026
CVE-2018-5163
CVE-2018-5163
Description
If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then runs this replaced code, the executed script would be run with the parent process' privileges, escaping the sandbox on content processes. This vulnerability affects Firefox < 60.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
24<60+ 1 more
- (no CPE)range: <60
- (no CPE)range: unspecified
- osv-coords22 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweedpkg:rpm/suse/MozillaFirefox&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
< 128.5.1-1.1+ 21 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 92.0-1.2
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 68.2.0-109.95.2
Patches
Vulnerability mechanics
References
5- www.securityfocus.com/bid/104139nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1040896nvdThird Party AdvisoryVDB Entry
- bugzilla.mozilla.org/show_bug.cginvdIssue TrackingPermissions RequiredVendor Advisory
- usn.ubuntu.com/3645-1/nvdThird Party Advisory
- www.mozilla.org/security/advisories/mfsa2018-11/nvdVendor Advisory
News mentions
0No linked articles in our index yet.