HTTP: Mozilla Firefox Vorbis Audio Residue Codebook Out of Bounds Write
This signature detects attempts to exploit a known vulnerability against Mozilla Firefox. Successful exploitation could result in the execution of arbitrary code under the security context of the target user.
Extended Description
The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. This vulnerability affects Firefox ESR < 52.7.2 and Firefox < 59.0.1.
Affected Products
Mozilla firefox
References
CVE: CVE-2018-5147
Short Name
HTTP:STC:MOZILLA:FF-AUDIO-OOB
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Audio Bounds CVE-2018-5147 Codebook Firefox Mozilla Out Residue Vorbis Write of
Release Date
05/03/2018
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Mozilla
Debian
CVSS Score
7.5