MozillaCVELIST:CVE-2018-12390CVE-2018-12390
Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.
CNA Affected
[
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "63",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "60.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "60.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]References
www.securityfocus.com/bid/105718
www.securityfocus.com/bid/105769
www.securitytracker.com/id/1041944
access.redhat.com/errata/RHSA-2018:3005
access.redhat.com/errata/RHSA-2018:3006
access.redhat.com/errata/RHSA-2018:3531
access.redhat.com/errata/RHSA-2018:3532
bugzilla.mozilla.org/buglist.cgi?bug_id=1487098%2C1487660%2C1490234%2C1496159%2C1443748%2C1496340%2C1483905%2C1493347%2C1488803%2C1498701%2C1498482%2C1442010%2C1495245%2C1483699%2C1469486%2C1484905%2C1490561%2C1492524%2C1481844
lists.debian.org/debian-lts-announce/2018/11/msg00008.html
lists.debian.org/debian-lts-announce/2018/11/msg00011.html
security.gentoo.org/glsa/201811-04
security.gentoo.org/glsa/201811-13
usn.ubuntu.com/3801-1/
usn.ubuntu.com/3868-1/
www.debian.org/security/2018/dsa-4324
www.debian.org/security/2018/dsa-4337
www.mozilla.org/security/advisories/mfsa2018-26/
www.mozilla.org/security/advisories/mfsa2018-27/
www.mozilla.org/security/advisories/mfsa2018-28/
Related
