CVE-2018-12376

2018-10-1813:00:00

mozilla

www.cve.org

7.4 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.2%

JSON

Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.

CNA Affected

[
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "62",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Firefox ESR",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "60.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Thunderbird",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "60.2.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.securityfocus.com/bid/105280

www.securitytracker.com/id/1041610

access.redhat.com/errata/RHSA-2018:2692

access.redhat.com/errata/RHSA-2018:2693

access.redhat.com/errata/RHSA-2018:3403

access.redhat.com/errata/RHSA-2018:3458

bugzilla.mozilla.org/buglist.cgi?bug_id=1469309%2C1469914%2C1450989%2C1480092%2C1480517%2C1481093%2C1478575%2C1471953%2C1473161%2C1466991%2C1468738%2C1483120%2C1467363%2C1472925%2C1466577%2C1467889%2C1480521%2C1478849

lists.debian.org/debian-lts-announce/2018/11/msg00011.html

security.gentoo.org/glsa/201810-01

security.gentoo.org/glsa/201811-13

usn.ubuntu.com/3761-1/

usn.ubuntu.com/3793-1/

www.debian.org/security/2018/dsa-4287

www.debian.org/security/2018/dsa-4327

www.mozilla.org/security/advisories/mfsa2018-20/

www.mozilla.org/security/advisories/mfsa2018-21/

www.mozilla.org/security/advisories/mfsa2018-25/