{"api_version":"1","generated_at":"2026-04-23T09:37:44+00:00","cve":"CVE-2018-5151","urls":{"html":"https://cve.report/CVE-2018-5151","api":"https://cve.report/api/cve/CVE-2018-5151.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-5151","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-5151"},"summary":{"title":"CVE-2018-5151","description":"Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 60.","state":"PUBLIC","assigner":"security@mozilla.org","published_at":"2018-06-11 21:29:00","updated_at":"2018-08-03 18:33:00"},"problem_types":["CWE-119"],"metrics":[],"references":[{"url":"https://www.mozilla.org/security/advisories/mfsa2018-11/","name":"https://www.mozilla.org/security/advisories/mfsa2018-11/","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"Security vulnerabilities fixed in Firefox 60 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/3645-1/","name":"USN-3645-1","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-3645-1: Firefox vulnerabilities | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/104139","name":"104139","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Mozilla Firefox MFSA2018-11 Multiple Security Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securitytracker.com/id/1040896","name":"1040896","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Mozilla Firefox Multiple Bugs Let Remote Users Spoof Filenames, Bypass Security Restrictions, Obtain Potentially Sensitive Information, and Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1445234%2C1449530%2C1437455%2C1447989%2C1438827%2C1436983%2C1435036%2C1440465%2C1439723%2C1448771%2C1453653%2C1454359%2C1432323%2C1454126%2C1436759%2C1439655%2C1448612%2C1449358%2C1367727%2C1452417","name":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1445234%2C1449530%2C1437455%2C1447989%2C1438827%2C1436983%2C1435036%2C1440465%2C1439723%2C1448771%2C1453653%2C1454359%2C1432323%2C1454126%2C1436759%2C1439655%2C1448612%2C1449358%2C1367727%2C1452417","refsource":"CONFIRM","tags":["Issue Tracking","Permissions Required","Third Party Advisory"],"title":"Bug List","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-5151","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5151","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"5151","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"14.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"5151","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"16.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"5151","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"17.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"5151","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"5151","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"14.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"5151","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"16.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"5151","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"17.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"5151","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"5151","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"5151","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2018-5151","qid":"690642","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for mozilla (5aefc41e-d304-4ec8-8c82-824f84f08244)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@mozilla.org","ID":"CVE-2018-5151","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Firefox","version":{"version_data":[{"version_affected":"<","version_value":"60"}]}}]},"vendor_name":"Mozilla"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 60."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Memory safety bugs fixed in Firefox 60"}]}]},"references":{"reference_data":[{"name":"https://www.mozilla.org/security/advisories/mfsa2018-11/","refsource":"CONFIRM","url":"https://www.mozilla.org/security/advisories/mfsa2018-11/"},{"name":"1040896","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1040896"},{"name":"USN-3645-1","refsource":"UBUNTU","url":"https://usn.ubuntu.com/3645-1/"},{"name":"104139","refsource":"BID","url":"http://www.securityfocus.com/bid/104139"},{"name":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1445234%2C1449530%2C1437455%2C1447989%2C1438827%2C1436983%2C1435036%2C1440465%2C1439723%2C1448771%2C1453653%2C1454359%2C1432323%2C1454126%2C1436759%2C1439655%2C1448612%2C1449358%2C1367727%2C1452417","refsource":"CONFIRM","url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1445234%2C1449530%2C1437455%2C1447989%2C1438827%2C1436983%2C1435036%2C1440465%2C1439723%2C1448771%2C1453653%2C1454359%2C1432323%2C1454126%2C1436759%2C1439655%2C1448612%2C1449358%2C1367727%2C1452417"}]}},"nvd":{"publishedDate":"2018-06-11 21:29:00","lastModifiedDate":"2018-08-03 18:33:00","problem_types":["CWE-119"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":10},"severity":"HIGH","exploitabilityScore":10,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","versionEndExcluding":"60.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"5151","Ordinal":"121105","Title":"CVE-2018-5151","CVE":"CVE-2018-5151","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"5151","Ordinal":"1","NoteData":"Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 60.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"5151","Ordinal":"2","NoteData":"2018-06-11","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"5151","Ordinal":"3","NoteData":"2018-06-12","Type":"Other","Title":"Modified"}]}}}