CVE-2018-12405

critical

Description

Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.

References

https://www.mozilla.org/security/advisories/mfsa2018-31/

https://www.mozilla.org/security/advisories/mfsa2018-30/

https://www.mozilla.org/security/advisories/mfsa2018-29/

https://www.debian.org/security/2019/dsa-4362

https://www.debian.org/security/2018/dsa-4354

https://usn.ubuntu.com/3868-1/

https://usn.ubuntu.com/3844-1/

https://security.gentoo.org/glsa/201903-04

https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1494752%2C1498765%2C1503326%2C1505181%2C1500759%2C1504365%2C1506640%2C1503082%2C1502013%2C1510471

https://access.redhat.com/errata/RHSA-2019:0160

https://access.redhat.com/errata/RHSA-2019:0159

https://access.redhat.com/errata/RHSA-2018:3833

https://access.redhat.com/errata/RHSA-2018:3831

http://www.securityfocus.com/bid/106168

Details

Source: Mitre, NVD

Published: 2019-02-28

Updated: 2019-03-12

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical