7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
27.0%
A potentially exploitable crash in TransportSecurityInfo used for SSL can
be triggered by data stored in the local cache in the user profile
directory. This issue is only exploitable in combination with another
vulnerability allowing an attacker to write data into the local cache or
from locally installed malware. This issue also triggers a non-exploitable
startup crash for users switching between the Nightly and Release versions
of Firefox if the same profile is used. This vulnerability affects
Thunderbird < 60.2.1, Firefox ESR < 60.2.1, and Firefox < 62.0.2.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | firefox | < 62.0.3+build1-0ubuntu0.18.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | firefox | < 62.0.3+build1-0ubuntu0.14.04.2 | UNKNOWN |
ubuntu | 16.04 | noarch | firefox | < 62.0.3+build1-0ubuntu0.16.04.2 | UNKNOWN |
ubuntu | 18.04 | noarch | thunderbird | < 1:60.2.1+build1-0ubuntu0.18.04.2 | UNKNOWN |
ubuntu | 14.04 | noarch | thunderbird | < 1:60.2.1+build1-0ubuntu0.14.04.2 | UNKNOWN |
ubuntu | 16.04 | noarch | thunderbird | < 1:60.2.1+build1-0ubuntu0.16.04.4 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2018-12385
nvd.nist.gov/vuln/detail/CVE-2018-12385
security-tracker.debian.org/tracker/CVE-2018-12385
ubuntu.com/security/notices/USN-3778-1
ubuntu.com/security/notices/USN-3793-1
www.cve.org/CVERecord?id=CVE-2018-12385
www.mozilla.org/en-US/security/advisories/mfsa2018-22/#CVE-2018-12385
www.mozilla.org/en-US/security/advisories/mfsa2018-23/#CVE-2018-12385
www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12385
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
27.0%