CVE-2018-12390

Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/105718	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/105769	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041944	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:3005	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3006	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3531	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3532	Third Party Advisory
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1487098%2C1487660%2C1490234%2C1496159%2C1443748%2C1496340%2C1483905%2C1493347%2C1488803%2C1498701%2C1498482%2C1442010%2C1495245%2C1483699%2C1469486%2C1484905%2C1490561%2C1492524%2C1481844	Issue Tracking Patch Vendor Advisory
https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html	Mailing List Third Party Advisory
https://security.gentoo.org/glsa/201811-04	Third Party Advisory
https://security.gentoo.org/glsa/201811-13	Third Party Advisory
https://usn.ubuntu.com/3801-1/	Third Party Advisory
https://usn.ubuntu.com/3868-1/	Third Party Advisory
https://www.debian.org/security/2018/dsa-4324	Third Party Advisory
https://www.debian.org/security/2018/dsa-4337	Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2018-26/	Patch Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-27/	Patch Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-28/	Patch Vendor Advisory
http://www.securityfocus.com/bid/105718	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/105769	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041944	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:3005	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3006	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3531	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3532	Third Party Advisory
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1487098%2C1487660%2C1490234%2C1496159%2C1443748%2C1496340%2C1483905%2C1493347%2C1488803%2C1498701%2C1498482%2C1442010%2C1495245%2C1483699%2C1469486%2C1484905%2C1490561%2C1492524%2C1481844	Issue Tracking Patch Vendor Advisory
https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html	Mailing List Third Party Advisory
https://security.gentoo.org/glsa/201811-04	Third Party Advisory
https://security.gentoo.org/glsa/201811-13	Third Party Advisory
https://usn.ubuntu.com/3801-1/	Third Party Advisory
https://usn.ubuntu.com/3868-1/	Third Party Advisory
https://www.debian.org/security/2018/dsa-4324	Third Party Advisory
https://www.debian.org/security/2018/dsa-4337	Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2018-26/	Patch Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-27/	Patch Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-28/	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox_esr::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

History

21 Nov 2024, 03:45

Information

Published : 2019-02-28 18:29

Updated : 2024-11-21 03:45

NVD link : CVE-2018-12390

Mitre link : CVE-2018-12390

CVE.ORG link : CVE-2018-12390

JSON object : View

Products Affected

mozilla

thunderbird
firefox
firefox_esr

redhat

enterprise_linux_workstation
enterprise_linux_server_tus
enterprise_linux_server
enterprise_linux_server_eus
enterprise_linux_desktop
enterprise_linux_server_aus

debian

debian_linux

canonical

ubuntu_linux

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

9.8 /10