Suggested description
A use-after-free vulnerability exists in DOMProxyHandler::EnsureExpandoObject on Pale Moon Browser versions before 27.9.3.
Additional Information
The vulnerability has been confirmed and patched by the vendor.
Vulnerability Type Other
Use-after-free
Vendor of Product
Pale Moon Browser
Affected Product Code Base
Pale Moon Browser - Versions prior to 27.9.3
Attack Type
Remote
Impact Code execution
true
Impact Denial of Service
true
Attack Vectors
An attacker can crash the browser by hosting a malicious web page and possibly execute remote code on the operating system.
Reference
https://www.palemoon.org/releasenotes.shtml (2018-06-12)
https://gist.github.com/berkgoksel/bbae795cae748fffe76b93a424a47dc2 (Proof of Concept)
https://gist.github.com/berkgoksel/b76411ed16847d44e475a38cf1a1df9d
Has vendor confirmed or acknowledged the vulnerability?
true
Discoverer
Berk Cem Goksel
CVE-2018-12292