Vulnerability CVE-2018-5159: Information
Description
An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: June 12, 2018
Modified: March 11, 2019
Fixed packages
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://www.mozilla.org/security/advisories/mfsa2018-13/ |
|
https://www.mozilla.org/security/advisories/mfsa2018-12/ |
|
https://www.mozilla.org/security/advisories/mfsa2018-11/ |
|
https://bugzilla.mozilla.org/show_bug.cgi?id=1441941 |
|
44759 |
|
DSA-4209 |
|
DSA-4199 |
|
USN-3660-1 |
|
USN-3645-1 |
|
[debian-lts-announce] 20180525 [SECURITY] [DLA 1382-1] thunderbird security update |
|
[debian-lts-announce] 20180511 [SECURITY] [DLA 1376-1] firefox-esr security update |
|
RHSA-2018:1726 |
|
RHSA-2018:1725 |
|
RHSA-2018:1415 |
|
RHSA-2018:1414 |
|
1040896 |
|
104136 |
|
GLSA-201810-01 |
|
GLSA-201811-13 |
|