CVE-2018-5089

2018-06-1121:00:00

mozilla

www.cve.org

10 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.7%

JSON

Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

CNA Affected

[
  {
    "product": "Thunderbird",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "52.6",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Firefox ESR",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "52.6",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "58",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.securityfocus.com/bid/102783

www.securitytracker.com/id/1040270

access.redhat.com/errata/RHSA-2018:0122

access.redhat.com/errata/RHSA-2018:0262

bugzilla.mozilla.org/buglist.cgi?bug_id=1412420%2C1426783%2C1422389%2C1415598%2C1410134%2C1408017%2C1224396%2C1382366%2C1415582%2C1417797%2C1409951%2C1414452%2C1428589%2C1425780%2C1399520%2C1418854%2C1408276%2C1412145%2C1331209%2C1425612

lists.debian.org/debian-lts-announce/2018/01/msg00030.html

lists.debian.org/debian-lts-announce/2018/01/msg00036.html

usn.ubuntu.com/3544-1/

usn.ubuntu.com/3688-1/

www.debian.org/security/2018/dsa-4096

www.debian.org/security/2018/dsa-4102

www.mozilla.org/security/advisories/mfsa2018-02/

www.mozilla.org/security/advisories/mfsa2018-03/

www.mozilla.org/security/advisories/mfsa2018-04/