Strike ID:
E19-5o5g1
CVSS:
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
False Positive:
t
Variants:
4
Year:
2018

Description

This strike simulates the traffic caused by exploiting a vulnerability in the Mozilla Firefox browser. Specifically, the vulnerability exists in the Custom Elements stream handler component of Firefox. When handling an HTML5 stream in concert with custom HTML elements, the stream parser object is freed while still in use, leading to a crash. An attacker can exploit this vulnerability by passing a malicious web page to the targeted browser.

CVE

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-%7B2018-18500%7D

References

https://support.ixiacom.com/%7Bhttps%3A//news.sophos.com/en-us/2019/04/18/protec...

MSB

https://technet.microsoft.com/en-us/library/security/MS{}

BID

http://www.securityfocus.com/bid/{106781}

ExploitDB

http://www.exploit-db.com/exploits/{}

Secunia

http://secunia.com/advisories/{}

Security Tracker

http://securitytracker.com/id?%7B%7D

Metasploit

https://github.com/rapid7/metasploit-framework/blob/master/modules/{}

ZDI

http://www.zerodayinitiative.com/advisories/ZDI-{}

Google

https://code.google.com/p/google-security-research/issues/detail?id=%7B%7D

OSVDB

{}