Strike ID:
E19-5o5g1
CVSS:
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
False Positive:
t
Variants:
4
Year:
2018

Description

This strike simulates the traffic caused by exploiting a vulnerability in the Mozilla Firefox browser. Specifically, the vulnerability exists in the Custom Elements stream handler component of Firefox. When handling an HTML5 stream in concert with custom HTML elements, the stream parser object is freed while still in use, leading to a crash. An attacker can exploit this vulnerability by passing a malicious web page to the targeted browser.

CVE

References

MSB

BID

ExploitDB

Secunia

Security Tracker

Metasploit

ZDI

Google

OSVDB

{}