CVE-2018-5159

Source
Severity High
Remote Yes
Type Arbitrary code execution
Description
An integer overflow vulnerability has been found in the Skia library used in Firefox < 60.0 and Thunderbird < 52.8, due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content.
Group Package Affected Fixed Severity Status Ticket
AVG-707 thunderbird 52.7.0-2 52.8.0-1 Critical Fixed
AVG-693 firefox 59.0.2-3 60.0-1 Critical Fixed
Date Advisory Group Package Severity Description
21 May 2018 ASA-201805-21 AVG-707 thunderbird Critical multiple issues
13 May 2018 ASA-201805-10 AVG-693 firefox Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5159
https://bugzilla.mozilla.org/show_bug.cgi?id=1441941