The vulnerability in the multimedia streaming recording mechanism of Firefox browsers, Firefox ESR, and Thunderbird email software, related to improper type checking of data sources, allows attackers to trigger a service failure.

🗓️ 07 Feb 2019 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

Vulnerability in Firefox, Firefox ESR, and Thunderbird recording multimedia streams; improper type checks cause service interruption when source type changes.

Reporter	Title	Published	Views	Family All 139
ALT Linux	Security fix for the ALT Linux 10 package firefox-esr version 60.1.0-alt1	26 Jun 201800:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 10 package thunderbird version 60.0-alt1	13 Aug 201800:00	–	altlinux
Tenable Nessus	Mozilla Firefox < 61 Multiple Vulnerabilities	21 Aug 201800:00	–	nessus
Tenable Nessus	Mozilla Firefox ESR < 52.9 Multiple Vulnerabilities	21 Aug 201800:00	–	nessus
Tenable Nessus	Mozilla Firefox ESR < 60.1 Multiple Vulnerabilities	21 Aug 201800:00	–	nessus
Tenable Nessus	CentOS 6 : firefox (CESA-2018:2112)	16 Jul 201800:00	–	nessus
Tenable Nessus	CentOS 7 : firefox (CESA-2018:2113)	12 Jul 201800:00	–	nessus
Tenable Nessus	Debian DLA-1406-1 : firefox-esr security update	2 Jul 201800:00	–	nessus
Tenable Nessus	Debian DLA-1575-1 : thunderbird security update	13 Nov 201800:00	–	nessus
Tenable Nessus	Debian DSA-4235-1 : firefox-esr - security update	28 Jun 201800:00	–	nessus

Vulners

Node

mozilla firefox_esrRange<52.9.0

mozilla firefox_esrRange52.9.1–60.1.0

mozilla thunderbirdRange<60.0

novell suse_enterprise_storageMatch4

novell suse_openstack_cloudMatch7

novell suse_linux_enterprise_module_for_desktop_applicationsMatch15

novell suse_linux_enterprise_workstation_extensionMatch15

novell suse_package_hub_for_suse_linux_enterpriseMatch12

mozilla firefoxRange<61

red_hat red_hat_enterprise_linuxMatch6

red_hat red_hat_enterprise_linuxMatch7

novell opensuse_leapMatch42.3

canonical ubuntuMatch17.10

novell opensuse_leapMatch15.0

novell suse_linux_enterprise_serverMatch12-ltss

novell suse_linux_enterprise_server_for_sap_applicationsMatch12-ltss

Source	Link
cve	www.cve.basealt.ru/otchet-po-obnovleniiam-ot-24042019.html
mozilla	www.mozilla.org/en-US/security/advisories/mfsa2018-19/
mozilla	www.mozilla.org/en-US/security/advisories/mfsa2018-16/
mozilla	www.mozilla.org/en-US/security/advisories/mfsa2018-17/
mozilla	www.mozilla.org/en-US/security/advisories/mfsa2018-15/
usn	www.usn.ubuntu.com/3705-1/
suse	www.suse.com/security/cve/CVE-2018-5156/
altsp	www.altsp.su/obnovleniya-bezopasnosti/
lists	www.lists.debian.org/debian-lts-announce/2018/06/msg00014.html
lists	www.lists.debian.org/debian-lts-announce/2018/11/msg00011.html

01 Dec 2021 00:00Current

7.7High risk

Vulners AI Score7.7

CVSS 27.5

CVSS 39.8

EPSS0.02953