Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
alpinelinuxAlpine Linux Development TeamALPINE:CVE-2018-18505
HistoryFeb 05, 2019 - 9:29 p.m.

CVE-2018-18505

2019-02-0521:29:00
Alpine Linux Development Team
security.alpinelinux.org
28

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.6%

JSON

An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.

Related

redhatcve 1
cve 2
ubuntucve 2
prion 2
debiancve 2
nessus 60
mozilla 4
openvas 41
veracode 1
archlinux 1
ibm 1
debian 5
suse 8
osv 4
altlinux 2
slackware 1
mageia 2
redhat 4
centos 4
oraclelinux 4
threatpost 1
freebsd 3
chrome 1
kaspersky 2
ubuntu 2
gentoo 2
securityvulns 1
redhatcve
redhatcve
CVE-2018-18505
2019-10-16 00:19:03
cve
cve
CVE-2018-18505
2019-02-05 21:29:00
CVE-2011-3079
2012-05-01 10:12:00
ubuntucve
ubuntucve
CVE-2018-18505
2019-01-30 00:00:00
CVE-2011-3079
2012-05-01 00:00:00
prion
prion
Authentication flaw
2019-02-05 21:29:00
Information disclosure
2012-05-01 10:12:00
debiancve
debiancve
CVE-2018-18505
2019-02-05 21:29:00
CVE-2011-3079
2012-05-01 10:12:00
nessus
nessus
NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0053)
2019-08-12 00:00:00
Mozilla Firefox ESR < 60.5
2019-01-30 00:00:00
Mozilla Firefox ESR < 60.5
2019-01-30 00:00:00
mozilla
mozilla
Security vulnerabilities fixed in Firefox ESR 60.5 — Mozilla
2019-01-29 00:00:00
Privilege escalation through IPC channel messages — Mozilla
2015-05-12 00:00:00
Security vulnerabilities fixed in Thunderbird 60.5 — Mozilla
2019-01-29 00:00:00
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2015-57) - Linux
2021-11-11 00:00:00
Mozilla Firefox Security Advisory (MFSA2019-01) - Linux
2021-11-08 00:00:00
Mageia: Security Advisory (MGASA-2019-0069)
2022-01-28 00:00:00
veracode
veracode
Privilege Escalation
2019-05-16 03:37:23
archlinux
archlinux
[ASA-201902-2] firefox: multiple issues
2019-02-06 00:00:00
ibm
ibm
Security Bulletin: Multiple Mozilla Firefox vulnerabilities in IBM SONAS
2019-07-16 06:25:01
debian
debian
[SECURITY] [DLA 1648-1] firefox-esr security update
2019-01-30 16:24:11
[SECURITY] [DSA 4376-1] firefox-esr security update
2019-01-30 15:04:50
[SECURITY] [DSA 3260-1] iceweasel security update
2015-05-13 17:22:46
suse
suse
Security update for MozillaFirefox (important)
2019-02-04 00:00:00
Security update for MozillaFirefox (important)
2019-02-04 00:00:00
Security update for MozillaFirefox (important)
2019-07-20 00:00:00
osv
osv
firefox-esr - security update
2019-01-30 00:00:00
firefox-esr - security update
2019-01-30 00:00:00
thunderbird - security update
2019-02-16 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package firefox-esr version 60.5.0-alt1
2019-02-01 00:00:00
Security fix for the ALT Linux 10 package thunderbird version 60.5.0-alt1
2019-02-01 00:00:00
slackware
slackware
[slackware-security] mozilla-firefox
2019-01-30 04:28:16
mageia
mageia
Updated firefox packages fix security vulnerabilities
2019-02-03 22:36:48
Updated thunderbird packages fix security vulnerability
2019-02-13 14:08:25
redhat
redhat
(RHSA-2019:0219) Critical: firefox security update
2019-01-30 16:34:57
(RHSA-2019:0218) Critical: firefox security update
2019-01-30 16:34:05
(RHSA-2019:0269) Important: thunderbird security update
2019-02-04 19:25:30
centos
centos
firefox security update
2019-02-01 23:14:08
firefox security update
2019-02-01 23:12:46
thunderbird security update
2019-02-08 14:40:51
oraclelinux
oraclelinux
firefox security update
2019-01-31 00:00:00
firefox security update
2019-01-30 00:00:00
thunderbird security update
2019-02-04 00:00:00
threatpost
threatpost
Google Fixes Five Bugs in Chrome 18
2012-05-02 11:27:02
freebsd
freebsd
chromium -- multiple vulnerabilities
2012-04-30 00:00:00
mozilla -- multiple vulnerabilities
2019-01-29 00:00:00
mozilla -- multiple vulnerabilities
2015-05-12 00:00:00
chrome
chrome
Stable Channel Update
2012-04-30 00:00:00
kaspersky
kaspersky
KLA11410 Multiple vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR
2019-01-29 00:00:00
KLA11411 Multiple vulnerabilities in Mozilla Thunderbird
2019-01-29 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2019-02-26 00:00:00
Firefox vulnerabilities
2019-01-30 00:00:00
gentoo
gentoo
Mozilla Firefox: Multiple vulnerabilities
2019-03-10 00:00:00
Mozilla Thunderbird and Firefox: Multiple vulnerabilities
2019-04-02 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2015-05-13 00:00:00

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.6%

JSON
Related for ALPINE:CVE-2018-18505
redhatcve1cve2ubuntucve2prion2debiancve2nessus60mozilla4openvas41veracode1archlinux1ibm1debian5suse8osv4altlinux2slackware1mageia2redhat4centos4oraclelinux4threatpost1freebsd3chrome1kaspersky2ubuntu2gentoo2securityvulns1