CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
82.8%
Severity: Critical
Date : 2018-11-06
CVE-ID : CVE-2018-12389 CVE-2018-12390 CVE-2018-12392
Package : thunderbird
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-803
The package thunderbird before version 60.3.0-1 is vulnerable to
arbitrary code execution.
Upgrade to 60.3.0-1.
The problems have been fixed upstream in version 60.3.0.
None.
Several memory safety bugs have been found in Thunderbird versions
prior to 63.0. Some of these bugs showed evidence of memory corruption
and Mozilla engineers presume that with enough effort some of these
could be exploited to run arbitrary code.
Several memory safety bugs have been found in Firefox and Thunderbird
versions prior to 63.0. Some of these bugs showed evidence of memory
corruption and Mozilla engineers presume that with enough effort some
of these could be exploited to run arbitrary code.
A security issue has been found in Firefox and Thunderbird versions
prior to 63.0. When manipulating user events in nested loops while
opening a document through script, it is possible to trigger a
potentially exploitable crash due to poor event handling.
A remote attacker is able to execute arbitrary code via a specially
crafted HTML document.
https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12390
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12390
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1487098%2C1487660%2C1490234%2C1496159%2C1443748%2C1496340%2C1483905%2C1493347%2C1488803%2C1498701%2C1498482%2C1442010%2C1495245%2C1483699%2C1469486%2C1484905%2C1490561%2C1492524%2C1481844
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12392
https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12392
https://bugzilla.mozilla.org/show_bug.cgi?id=1492823
https://security.archlinux.org/CVE-2018-12389
https://security.archlinux.org/CVE-2018-12390
https://security.archlinux.org/CVE-2018-12392
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | thunderbird | < 60.3.0-1 | UNKNOWN |
bugzilla.mozilla.org/buglist.cgi?bug_id=1487098%2C1487660%2C1490234%2C1496159%2C1443748%2C1496340%2C1483905%2C1493347%2C1488803%2C1498701%2C1498482%2C1442010%2C1495245%2C1483699%2C1469486%2C1484905%2C1490561%2C1492524%2C1481844
bugzilla.mozilla.org/show_bug.cgi?id=1492823
security.archlinux.org/AVG-803
security.archlinux.org/CVE-2018-12389
security.archlinux.org/CVE-2018-12390
security.archlinux.org/CVE-2018-12392
www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12390
www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12392
www.mozilla.org/en-US/security/advisories/mfsa2018-28/
www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12390
www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12392
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
82.8%