Vulnerability CVE-2018-12405: Information

Description

Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Published: Feb. 28, 2019
Modified: March 12, 2019
Error type identifier: CWE-119

Fixed packages

Package name  Branch    Fixed in version    Version from repository  Errata ID           Task #  State
firefox       sisyphus  64.0-alt1           127.0-alt1               ALT-PU-2018-2963-1  218259  Fixed
firefox       p10       64.0-alt1           118.0.2-alt0.p10.1       ALT-PU-2018-2963-1  218259  Fixed
firefox       p9        64.0-alt1           105.0.1-alt0.c9.1        ALT-PU-2018-2963-1  218259  Fixed
firefox       p8        68.0.1-alt0.M80P.1  68.0.1-alt0.M80P.1       ALT-PU-2019-2938-1  236175  Fixed
firefox       c10f1     64.0-alt1           112.0.2-alt0.p10.1       ALT-PU-2018-2963-1  218259  Fixed
firefox       c9f2      64.0-alt1           105.0.1-alt0.c9.1        ALT-PU-2018-2963-1  218259  Fixed
firefox       c7        60.6.1-alt0.M70C.1  60.8.0-alt0.M70C.1       ALT-PU-2019-1726-1  218597  Fixed
firefox       p11       64.0-alt1           126.0.1-alt1             ALT-PU-2018-2963-1  218259  Fixed
firefox-esr   sisyphus  60.4.0-alt1         115.11.0-alt1            ALT-PU-2018-2824-1  217620  Fixed
firefox-esr   p10       60.4.0-alt1         115.11.0-alt1            ALT-PU-2018-2824-1  217620  Fixed
firefox-esr   p9        68.0.2-alt1         102.11.0-alt0.c9.1       ALT-PU-2019-2486-1  235108  Fixed
firefox-esr   p8        60.4.0-alt1         68.4.1-alt0.M80P.1       ALT-PU-2018-2840-1  217704  Fixed
firefox-esr   c10f1     60.4.0-alt1         115.9.1-alt0.c10.1       ALT-PU-2018-2824-1  217620  Fixed
firefox-esr   c9f2      68.0.2-alt1         102.12.0-alt0.c9.1       ALT-PU-2019-2486-1  235108  Fixed
firefox-esr   p11       60.4.0-alt1         115.11.0-alt1            ALT-PU-2018-2824-1  217620  Fixed
thunderbird   sisyphus  60.4.0-alt1         115.9.0-alt1             ALT-PU-2018-2958-1  218477  Fixed
thunderbird   p10       60.4.0-alt1         115.9.0-alt1             ALT-PU-2018-2958-1  218477  Fixed
thunderbird   p9        60.4.0-alt1         102.11.0-alt0.c9.1       ALT-PU-2018-2958-1  218477  Fixed
thunderbird   p8        60.7.2-alt0.M80P.1  60.8.0-alt0.M80P.1       ALT-PU-2019-2196-1  216874  Fixed
thunderbird   c10f1     60.4.0-alt1         115.9.0-alt0.c10.1       ALT-PU-2018-2958-1  218477  Fixed
thunderbird   c9f2      60.4.0-alt1         102.11.0-alt0.c9.1       ALT-PU-2018-2958-1  218477  Fixed
thunderbird   c7        60.8.0-alt0.M70C.1  60.8.0-alt0.M70C.1       ALT-PU-2019-2345-1  234994  Fixed
thunderbird   p11       60.4.0-alt1         115.9.0-alt1             ALT-PU-2018-2958-1  218477  Fixed

References to Advisories, Solutions, and Tools

      Configuration 1

      cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
      End excluding: 64.0

      cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
      End excluding: 60.4.0

      cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
      End excluding: 60.4.0

      Configuration 2

      cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

      cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

      cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

      cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

      cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

      cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*