9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.032 Low
EPSS
Percentile
91.0%
Updated firefox packages fix security vulnerabilities: Mozilla: Memory safety bugs fixed in Firefox ESR 60.3 (CVE-2018-12389). Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 (CVE-2018-12390). Mozilla: Crash with nested event loops (CVE-2018-12392). Mozilla: Integer overflow during Unicode conversion while loading JavaScript (CVE-2018-12393). Mozilla: WebExtension bypass of domain restrictions through header rewriting (CVE-2018-12395). Mozilla: WebExtension content scripts can execute in disallowed contexts (CVE-2018-12396). Mozilla: WebExtension local file permission check bypass (CVE-2018-12397).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 6 | noarch | firefox | < 60.3.0-1 | firefox-60.3.0-1.mga6 |
Mageia | 6 | noarch | firefox-l10n | < 60.3.0-1 | firefox-l10n-60.3.0-1.mga6 |
Mageia | 6 | noarch | nspr | < 4.20-1 | nspr-4.20-1.mga6 |
Mageia | 6 | noarch | nss | < 3.36.5-1.2 | nss-3.36.5-1.2.mga6 |
Mageia | 6 | noarch | rootcerts | < 20181001.00-1 | rootcerts-20181001.00-1.mga6 |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.032 Low
EPSS
Percentile
91.0%