CVE-2018-5089

critical

Description

Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

References

https://www.mozilla.org/security/advisories/mfsa2018-04/

https://www.mozilla.org/security/advisories/mfsa2018-03/

https://www.mozilla.org/security/advisories/mfsa2018-02/

https://www.debian.org/security/2018/dsa-4102

https://www.debian.org/security/2018/dsa-4096

https://usn.ubuntu.com/3688-1/

https://usn.ubuntu.com/3544-1/

https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html

https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1412420%2C1426783%2C1422389%2C1415598%2C1410134%2C1408017%2C1224396%2C1382366%2C1415582%2C1417797%2C1409951%2C1414452%2C1428589%2C1425780%2C1399520%2C1418854%2C1408276%2C1412145%2C1331209%2C1425612

https://access.redhat.com/errata/RHSA-2018:0262

https://access.redhat.com/errata/RHSA-2018:0122

http://www.securitytracker.com/id/1040270

http://www.securityfocus.com/bid/102783

Details

Source: Mitre, NVD

Published: 2018-06-11

Updated: 2018-08-03

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical