An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillafirefox_esr*cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
mozillathunderbird*cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox_esr	*	cpe:2.3:a:mozilla:firefox_esr::::::::
mozilla	thunderbird	*	cpe:2.3:a:mozilla:thunderbird::::::::

References

www.securityfocus.com/bid/103432

www.securitytracker.com/id/1040544

access.redhat.com/errata/RHSA-2018:0549

access.redhat.com/errata/RHSA-2018:0647

access.redhat.com/errata/RHSA-2018:0648

access.redhat.com/errata/RHSA-2018:0649

access.redhat.com/errata/RHSA-2018:1058

bugzilla.mozilla.org/show_bug.cgi?id=1446062

lists.debian.org/debian-lts-announce/2018/03/msg00022.html

lists.debian.org/debian-lts-announce/2018/03/msg00029.html

lists.debian.org/debian-lts-announce/2018/04/msg00033.html

security.gentoo.org/glsa/201811-13

usn.ubuntu.com/3545-1/

usn.ubuntu.com/3599-1/

usn.ubuntu.com/3604-1/

www.debian.org/security/2018/dsa-4140

www.debian.org/security/2018/dsa-4143

www.debian.org/security/2018/dsa-4155

www.mozilla.org/security/advisories/mfsa2018-08/

www.mozilla.org/security/advisories/mfsa2018-09/

nessus 64

oraclelinux 5

android 1

openvas 38

fedora 5

osv 7

centos 5

ubuntu 3

mageia 3

alpinelinux 1

redhat 5

ibm 3

prion 3

ubuntucve 2

veracode 2

debian 7

checkpoint_advisories 1

redhatcve 1

zdi 1

debiancve 2

cloudfoundry 1

amazon 2

archlinux 4

suse 1

cve 2

kaspersky 3

freebsd 1

mozilla 2

slackware 1

altlinux 1

threatpost 1

gentoo 1

nessus

Scientific Linux Security Update : libvorbis on SL7.x x86_64 (20180410)

2018-05-01 00:00:00

Fedora 26 : 1:libvorbis (2018-f26d891469)

2018-03-28 00:00:00

SUSE SLES11 Security Update : libvorbis (SUSE-SU-2018:0783-1)

2018-03-27 00:00:00

oraclelinux

firefox security update

2018-03-19 00:00:00

libvorbis security update

2018-04-17 00:00:00

libvorbis security update

2018-04-05 00:00:00

android

CVE-2018-5146

2018-06-01 00:00:00

openvas

Huawei EulerOS: Security Advisory for libvorbis (EulerOS-SA-2018-1155)

2020-01-23 00:00:00

Mozilla Firefox ESR Security Advisories (MFSA2018-08, MFSA2018-08) - Windows

2018-03-22 00:00:00

Huawei EulerOS: Security Advisory for libvorbis (EulerOS-SA-2018-1105)

2020-01-23 00:00:00

fedora

[SECURITY] Fedora 26 Update: libvorbis-1.3.6-1.fc26

2018-03-27 19:31:39

[SECURITY] Fedora 28 Update: libvorbis-1.3.6-1.fc28

2018-03-30 13:35:33

[SECURITY] Fedora 27 Update: libvorbis-1.3.6-1.fc27

2018-03-20 18:26:53

osv

CVE-2018-5146

2018-06-11 21:29:00

libvorbis - security update

2018-03-16 00:00:00

firefox-esr - security update

2018-03-27 00:00:00

centos

libvorbis security update

2018-05-30 18:24:08

libvorbis security update

2018-04-09 23:35:22

firefox security update

2018-03-20 16:39:22

ubuntu

Firefox vulnerability

2018-03-16 00:00:00

libvorbis vulnerability

2018-03-22 00:00:00

Thunderbird vulnerabilities

2018-03-29 00:00:00

mageia

Updated libvorbis packages fix security vulnerability

2018-03-19 15:13:14

Updated thunderbird packages fix security vulnerability

2018-04-15 16:33:47

Updated thunderbird packages fix bugs and security vulnerabilities

2018-04-20 20:24:13

alpinelinux

CVE-2018-5146

2018-06-11 21:29:00

redhat

(RHSA-2018:0649) Important: libvorbis security update

2018-04-05 19:03:13

(RHSA-2018:1058) Important: libvorbis security update

2018-04-10 08:05:03

(RHSA-2018:0549) Critical: firefox security update

2018-03-19 03:31:41

ibm

Security Bulletin: A vulnerability in libvorbis affects PowerKVM

2018-07-07 00:01:25

Security Bulletin: Open Source Libvorbis, Patch and Python-paramiko vulnerabilities affect IBM Netezza Host Management

2019-10-18 03:36:34

Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private

2018-07-20 18:56:04

prion

Design/Logic Flaw

2018-06-11 21:29:00

Code injection

2018-06-11 21:29:00

Design/Logic Flaw

2020-12-26 04:15:00

ubuntucve

CVE-2018-5146

2018-03-16 00:00:00

CVE-2018-5147

2018-06-11 00:00:00

veracode

Denial Of Service (DoS) Through Out-of-Bounds Write

2019-01-15 09:22:28

Denial Of Service (DoS) Through Out-of-Bounds Write

2018-04-25 09:40:14

debian

[SECURITY] [DSA 4140-1] libvorbis security update

2018-03-16 19:54:42

[SECURITY] [DSA 4140-1] libvorbis security update

2018-03-16 19:50:51

[SECURITY] [DSA 4143-1] firefox-esr security update

2018-03-17 18:23:06

checkpoint_advisories

Mozilla Firefox Vorbis Audio Residue Codebook Out of Bounds Write (CVE-2018-5146)

2018-05-14 00:00:00

redhatcve

CVE-2018-5146

2018-03-16 17:48:59

zdi

(Pwn2Own) Mozilla Firefox libvorbis OGG Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability

2018-03-23 00:00:00

debiancve

CVE-2018-5146

2018-06-11 21:29:00

CVE-2018-5147

2018-06-11 21:29:00

cloudfoundry

USN-3604-1: libvorbis vulnerability | Cloud Foundry

2018-05-02 00:00:00

amazon

Critical: libvorbis

2018-03-22 22:02:00

Critical: libvorbis

2018-04-05 15:57:00

archlinux

[ASA-201803-13] firefox: arbitrary code execution

2018-03-18 00:00:00

[ASA-201803-21] lib32-libvorbis: multiple issues

2018-03-19 00:00:00

[ASA-201803-12] libvorbis: multiple issues

2018-03-16 00:00:00

suse

Security update for MozillaFirefox (important)

2018-03-18 15:11:21

cve

CVE-2020-20412

2020-12-26 04:15:00

CVE-2018-5147

2018-06-11 21:29:00

kaspersky

KLA11594 SB vulnerabilities in Mozilla Firefox

2018-03-16 00:00:00

KLA11595 SB vulnerabilities in Mozilla Firefox ESR

2018-03-16 00:00:00

KLA11229 Multiple vulnerabilities in Mozilla Thunderbird

2018-03-23 00:00:00

freebsd

mozilla -- multiple vulnerabilities

2018-03-16 00:00:00

mozilla

Out of bounds memory write while processing Vorbis audio data — Mozilla

2018-03-16 00:00:00

Security vulnerabilities fixed in Thunderbird 52.7 — Mozilla

2018-03-23 00:00:00

slackware

[slackware-security] libvorbis

2018-03-18 04:31:27

altlinux

Security fix for the ALT Linux 10 package thunderbird version 52.7.0-alt1

2018-03-24 00:00:00

threatpost

Google Patches 11 Critical Android Bugs in June Update

2018-06-05 17:30:40

gentoo

Mozilla Thunderbird: Multiple vulnerabilities

2018-11-24 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.38 Low

EPSS

Percentile

97.2%

JSON

Related for CVE-2018-5146

nessus64 oraclelinux5 android1 openvas38 fedora5 osv7 centos5 ubuntu3 mageia3 alpinelinux1 redhat5 ibm3 prion3 ubuntucve2 veracode2 debian7 checkpoint_advisories1 redhatcve1 zdi1 debiancve2 cloudfoundry1 amazon2 archlinux4 suse1 cve2 kaspersky3 freebsd1 mozilla2 slackware1 altlinux1 threatpost1 gentoo1