CVE-2018-5163

HIGH Year: 2018
CVSS v3 Score
8.1
High
CVSS v2 Score
5.1
Medium
Weakness Type
CWE-281
View all →

Vulnerability Description

If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then runs this replaced code, the executed script would be run with the parent process' privileges, escaping the sandbox on content processes. This vulnerability affects Firefox < 60.

Related Vulnerabilities

CVE-2017-8563

HIGH
CVSS:8.1(High)

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation ...

CWE-2812017

CVE-2021-3414

HIGH
CVSS:8.1(High)

A flaw was found in satellite. When giving granular permission related to the organization, other permissions allowing a user to view and manage other organizations are also granted. The highest threa...

CWE-2812021

CVE-2023-25817

HIGH
CVSS:8.1(High)

Nextcloud server is an open source, personal cloud implementation. In versions from 24.0.0 and before 24.0.9 a user could escalate their permissions to delete files they were not supposed to deletable...

CWE-2812023

CVE-2023-42231

HIGH
CVSS:8.1(High)

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can delete admin users by sending a request to the "WSCView/Delete" function.

CWE-2812023

CVE-2024-28746

HIGH
CVSS:8.1(High)

Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which t...

CWE-2812024