Vulnerabilities > CVE-2018-12292 - Use After Free vulnerability in Palemoon Pale Moon

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
palemoon
CWE-416
critical
exploit available

Summary

A use-after-free vulnerability exists in DOMProxyHandler::EnsureExpandoObject in Pale Moon before 27.9.3.

Vulnerable Configurations

Part Description Count
Application
Palemoon
129

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionPale Moon Browser < 27.9.3 - Use After Free (PoC). CVE-2018-12292. Local exploit for Windows platform
fileexploits/windows/local/44900.txt
idEDB-ID:44900
last seen2018-06-18
modified2018-06-18
platformwindows
port
published2018-06-18
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/44900/
titlePale Moon Browser < 27.9.3 - Use After Free (PoC)
typelocal

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/148228/palemoonbrowser-uaf.txt
idPACKETSTORM:148228
last seen2018-06-19
published2018-06-18
reporterBerk Cem Goksel
sourcehttps://packetstormsecurity.com/files/148228/Pale-Moon-Browser-Use-After-Free.html
titlePale Moon Browser Use-After-Free