Vulnerability CVE-2018-5186: Information

Description

Memory safety bugs present in Firefox 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 61.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2018-5186
Published: Oct. 18, 2018
Modified: Dec. 6, 2018
Error type identifier: CWE-119

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
firefoxsisyphus61.0-alt1127.0-alt1ALT-PU-2018-1985-1209471Fixed
firefoxp1061.0-alt1118.0.2-alt0.p10.1ALT-PU-2018-1985-1209471Fixed
firefoxp961.0-alt1105.0.1-alt0.c9.1ALT-PU-2018-1985-1209471Fixed
firefoxp861.0.1-alt0.M80P.168.0.1-alt0.M80P.1ALT-PU-2018-2036-1209591Fixed
firefoxc10f161.0-alt1112.0.2-alt0.p10.1ALT-PU-2018-1985-1209471Fixed
firefoxc9f261.0-alt1105.0.1-alt0.c9.1ALT-PU-2018-1985-1209471Fixed
firefoxp1161.0-alt1126.0.1-alt1ALT-PU-2018-1985-1209471Fixed
firefox-esrsisyphus68.0.1-alt1115.11.0-alt1ALT-PU-2019-2324-1234871Fixed
firefox-esrp1068.0.1-alt1115.11.0-alt1ALT-PU-2019-2324-1234871Fixed
firefox-esrp968.0.2-alt1102.11.0-alt0.c9.1ALT-PU-2019-2486-1235108Fixed
firefox-esrp868.1.0-alt1.M80P.168.4.1-alt0.M80P.1ALT-PU-2019-2937-1236175Fixed
firefox-esrc10f168.0.1-alt1115.9.1-alt0.c10.1ALT-PU-2019-2324-1234871Fixed
firefox-esrc9f268.0.2-alt1102.12.0-alt0.c9.1ALT-PU-2019-2486-1235108Fixed
firefox-esrp1168.0.1-alt1115.11.0-alt1ALT-PU-2019-2324-1234871Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.mozilla.org/security/advisories/mfsa2018-15/
  • Vendor Advisory
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1464872%2C1463329%2C1419373%2C1412882%2C1413033%2C1444673%2C1454448%2C1453505%2C1438671
  • Exploit
  • Issue Tracking
  • Vendor Advisory
USN-3705-1
  • Third Party Advisory
1041193
  • Third Party Advisory
  • VDB Entry
104557
  • Third Party Advisory
  • VDB Entry
GLSA-201810-01
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
      End excliding
      61.0

      Configuration 2

      cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
      cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
      cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
      cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top