CVE-2018-12389

 

Published at: - 28-02-2019 07:29

Last modified: - 24-09-2022 03:03

Total changes: - 2

Description

Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.3 and Thunderbird < 60.3.

Common Vulnerability Scoring System (CVSS)

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

 

Verification logic

 

Reference

• https://www.mozilla.org/security/advisories/mfsa2018-28/
• https://www.mozilla.org/security/advisories/mfsa2018-27/
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1498460%2C1499198
• DSA-4337-Third Party Advisory
• DSA-4324-Third Party Advisory
• USN-3868-1-Third Party Advisory
• GLSA-201811-13-Third Party Advisory
• GLSA-201811-04-Third Party Advisory
• [debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update-Mailing List, Third Party Advisory
• [debian-lts-announce] 20181107 [SECURITY] [DLA 1571-1] firefox-esr security update-Mailing List, Third Party Advisory
• RHSA-2018:3532-Third Party Advisory
• RHSA-2018:3531-Third Party Advisory
• RHSA-2018:3006-Third Party Advisory
• RHSA-2018:3005-Third Party Advisory
• 1041944-Third Party Advisory, VDB Entry
• 105769-Third Party Advisory, VDB Entry
• 105723-Third Party Advisory, VDB Entry

 

Keywords

NVD

 

CVE-2018-12389

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures