Lucene search

[email protected]NVD:CVE-2018-5150

HistoryJun 11, 2018 - 9:29 p.m.

CVE-2018-5150

2018-06-1121:29:14

CWE-119

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.0%

JSON

Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.

Affected configurations

NVD

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

Node

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch7.6

redhatenterprise_linux_server_eusMatch7.5

redhatenterprise_linux_server_eusMatch7.6

redhatenterprise_linux_server_tusMatch7.6

redhatenterprise_linux_workstationMatch6.0

redhatenterprise_linux_workstationMatch7.0

Node

mozillafirefoxRange<60.0

mozillafirefox_esrRange<52.8.0

mozillathunderbirdRange<52.8.0

mozillathunderbird_esrRange<52.8.0

Node

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch17.10

canonicalubuntu_linuxMatch18.04lts

References

www.securityfocus.com/bid/104136

www.securitytracker.com/id/1040896

access.redhat.com/errata/RHSA-2018:1414

access.redhat.com/errata/RHSA-2018:1415

access.redhat.com/errata/RHSA-2018:1725

access.redhat.com/errata/RHSA-2018:1726

bugzilla.mozilla.org/buglist.cgi?bug_id=1388020%2C1433609%2C1409440%2C1448705%2C1451376%2C1452202%2C1444668%2C1393367%2C1411415%2C1426129

lists.debian.org/debian-lts-announce/2018/05/msg00007.html

lists.debian.org/debian-lts-announce/2018/05/msg00013.html

security.gentoo.org/glsa/201810-01

security.gentoo.org/glsa/201811-13

usn.ubuntu.com/3645-1/

usn.ubuntu.com/3660-1/

usn.ubuntu.com/3688-1/

www.debian.org/security/2018/dsa-4199

www.debian.org/security/2018/dsa-4209

www.mozilla.org/security/advisories/mfsa2018-11/

www.mozilla.org/security/advisories/mfsa2018-12/

www.mozilla.org/security/advisories/mfsa2018-13/

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.0%

JSON

Related for NVD:CVE-2018-5150

cve1 ubuntucve1 redhatcve1 cvelist1 veracode1 debiancve1 prion1 nessus48 openvas32 ubuntu4 osv4 redhat4 suse3 debian4 centos4 oraclelinux4 altlinux3 ibm1 mageia3 mozilla3 amazon1 archlinux2 kaspersky2 freebsd1 gentoo2