CVE-2018-5125

high

Description

Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.

References

https://www.mozilla.org/security/advisories/mfsa2018-09/

https://www.mozilla.org/security/advisories/mfsa2018-07/

https://www.mozilla.org/security/advisories/mfsa2018-06/

https://www.debian.org/security/2018/dsa-4155

https://www.debian.org/security/2018/dsa-4139

https://usn.ubuntu.com/3688-1/

https://usn.ubuntu.com/3596-1/

https://usn.ubuntu.com/3545-1/

https://security.gentoo.org/glsa/201811-13

https://security.gentoo.org/glsa/201810-01

https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html

https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520

https://access.redhat.com/errata/RHSA-2018:0648

https://access.redhat.com/errata/RHSA-2018:0647

https://access.redhat.com/errata/RHSA-2018:0527

https://access.redhat.com/errata/RHSA-2018:0526

http://www.securitytracker.com/id/1040514

http://www.securityfocus.com/bid/103388

Details

Source: Mitre, NVD

Published: 2018-06-11

Updated: 2019-03-08

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High