WebRTC Pixel Buffer Use-After-Free Vulnerability in Firefox < 60

WebRTC Pixel Buffer Use-After-Free Vulnerability in Firefox < 60

CVE-2018-5160 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use. This can result in the WebRTC encoder using uninitialized memory, leading to a potentially exploitable crash. This vulnerability affects Firefox < 60.

Learn more about our Web Application Penetration Testing UK.