### [CVE-2018-5129](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5129)
![](https://img.shields.io/static/v1?label=Product&message=Firefox%20ESR&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Thunderbird&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%2052.7%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=%3C%2059%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Out-of-bounds%20write%20with%20malformed%20IPC%20messages&color=brighgreen)

### Description

A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.

### POC

#### Reference
- https://bugzilla.mozilla.org/show_bug.cgi?id=1428947

#### Github
- https://github.com/Escapingbug/awesome-browser-exploit
- https://github.com/Mr-Anonymous002/awesome-browser-exploit
- https://github.com/SkyBulk/the-day-of-nightmares
- https://github.com/ZihanYe/web-browser-vulnerabilities
- https://github.com/paulveillard/cybersecurity-windows-exploitation
- https://github.com/yeyintminthuhtut/Awesome-Advanced-Windows-Exploitation-References