CVE-2019-7386
Description
A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices. When a crafted web page is visited with the internal browser, the Gecko process crashes with a segfault. Successful exploitation could lead to remote code execution on the device.
Mitigations
No mitigations published for this CVE yet.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| nokia | 8810_4g | - | |
References
- http://seclists.org/fulldisclosure/2019/Feb/35
- http://packetstormsecurity.com/files/151651/Nokia-8810-Denial-Of-Service.html
- http://www.breakthesec.com/search/label/0day
- https://s3curityb3ast.github.io
- http://www.breakthesec.com
- https://s3curityb3ast.github.io/KSA-Dev-007.md
- https://developer.kaiostech.com/bugzilla-reports/report_58204.html
- https://developer.kaiostech.com/bugzilla-reports/report_141873.html