Vulnerability-Lookup

CVE-2018-12389 (GCVE-0-2018-12389)

Vulnerability from cvelistv5 – Published: 2019-02-28 18:00 – Updated: 2024-08-05 08:31

Summary

Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.3 and Thunderbird < 60.3.

Severity

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Memory safety bugs fixed in Firefox ESR 60.3

Assigner

mozilla

References

17 references

URL	Tags
http://www.securityfocus.com/bid/105769	vdb-entryx_refsource_BID
https://www.debian.org/security/2018/dsa-4324	vendor-advisoryx_refsource_DEBIAN
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
https://security.gentoo.org/glsa/201811-04	vendor-advisoryx_refsource_GENTOO
https://security.gentoo.org/glsa/201811-13	vendor-advisoryx_refsource_GENTOO
https://www.debian.org/security/2018/dsa-4337	vendor-advisoryx_refsource_DEBIAN
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3005	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:3006	vendor-advisoryx_refsource_REDHAT
https://usn.ubuntu.com/3868-1/	vendor-advisoryx_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:3532	vendor-advisoryx_refsource_REDHAT
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1…	x_refsource_CONFIRM
http://www.securityfocus.com/bid/105723	vdb-entryx_refsource_BID
https://access.redhat.com/errata/RHSA-2018:3531	vendor-advisoryx_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
http://www.securitytracker.com/id/1041944	vdb-entryx_refsource_SECTRACK

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox ESR	Affected: unspecified , < 60.3 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 60.3 (custom)

Date Public

2019-02-28 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:31:00.289Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "105769",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105769"
          },
          {
            "name": "DSA-4324",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4324"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-28/"
          },
          {
            "name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html"
          },
          {
            "name": "GLSA-201811-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201811-04"
          },
          {
            "name": "GLSA-201811-13",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201811-13"
          },
          {
            "name": "DSA-4337",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4337"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-27/"
          },
          {
            "name": "RHSA-2018:3005",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3005"
          },
          {
            "name": "RHSA-2018:3006",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3006"
          },
          {
            "name": "USN-3868-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3868-1/"
          },
          {
            "name": "RHSA-2018:3532",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3532"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1498460%2C1499198"
          },
          {
            "name": "105723",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105723"
          },
          {
            "name": "RHSA-2018:3531",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3531"
          },
          {
            "name": "[debian-lts-announce] 20181107 [SECURITY] [DLA 1571-1] firefox-esr security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html"
          },
          {
            "name": "1041944",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041944"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "60.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "60.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-02-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 60.3 and Thunderbird \u003c 60.3."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory safety bugs fixed in Firefox ESR 60.3",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-01T10:57:01.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "105769",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105769"
        },
        {
          "name": "DSA-4324",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4324"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2018-28/"
        },
        {
          "name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html"
        },
        {
          "name": "GLSA-201811-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201811-04"
        },
        {
          "name": "GLSA-201811-13",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201811-13"
        },
        {
          "name": "DSA-4337",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4337"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2018-27/"
        },
        {
          "name": "RHSA-2018:3005",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3005"
        },
        {
          "name": "RHSA-2018:3006",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3006"
        },
        {
          "name": "USN-3868-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3868-1/"
        },
        {
          "name": "RHSA-2018:3532",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3532"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1498460%2C1499198"
        },
        {
          "name": "105723",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105723"
        },
        {
          "name": "RHSA-2018:3531",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3531"
        },
        {
          "name": "[debian-lts-announce] 20181107 [SECURITY] [DLA 1571-1] firefox-esr security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html"
        },
        {
          "name": "1041944",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041944"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2018-12389",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "60.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "60.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 60.3 and Thunderbird \u003c 60.3."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Memory safety bugs fixed in Firefox ESR 60.3"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "105769",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105769"
            },
            {
              "name": "DSA-4324",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4324"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2018-28/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2018-28/"
            },
            {
              "name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html"
            },
            {
              "name": "GLSA-201811-04",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201811-04"
            },
            {
              "name": "GLSA-201811-13",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201811-13"
            },
            {
              "name": "DSA-4337",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4337"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2018-27/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2018-27/"
            },
            {
              "name": "RHSA-2018:3005",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3005"
            },
            {
              "name": "RHSA-2018:3006",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3006"
            },
            {
              "name": "USN-3868-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3868-1/"
            },
            {
              "name": "RHSA-2018:3532",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3532"
            },
            {
              "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1498460%2C1499198",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1498460%2C1499198"
            },
            {
              "name": "105723",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105723"
            },
            {
              "name": "RHSA-2018:3531",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3531"
            },
            {
              "name": "[debian-lts-announce] 20181107 [SECURITY] [DLA 1571-1] firefox-esr security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html"
            },
            {
              "name": "1041944",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041944"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2018-12389",
    "datePublished": "2019-02-28T18:00:00.000Z",
    "dateReserved": "2018-06-14T00:00:00.000Z",
    "dateUpdated": "2024-08-05T08:31:00.289Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2018-12389",
      "date": "2026-06-08",
      "epss": "0.01126",
      "percentile": "0.78639"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"60.3.0\", \"matchCriteriaId\": \"22534559-54C1-4D9E-ADC6-948D417971FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"60.3.0\", \"matchCriteriaId\": \"B8C6DDE1-D17F-49AB-9521-C79D5B4618BD\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"B5A6F2F3-4894-4392-8296-3B8DD2679084\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07C312A0-CD2C-4B9C-B064-6409B25C278F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33C068A4-3780-4EAB-A937-6082DF847564\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BBCD86A-E6C7-4444-9D74-F861084090F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51EF4996-72F4-4FA4-814F-F5991E7A8318\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B353CE99-D57C-465B-AAB0-73EF581127D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF77CDCF-B9C9-427D-B2BF-36650FB2148C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 60.3 and Thunderbird \u003c 60.3.\"}, {\"lang\": \"es\", \"value\": \"Los desarrolladores de Mozilla y los miembros de la comunidad reportaron problemas de seguridad existentes en Firefox ESR 60.2. Algunos de estos errores mostraban evidencias de corrupci\\u00f3n de memoria y se cree que, con el esfuerzo necesario, se podr\\u00edan explotar para ejecutar c\\u00f3digo arbitrario. La vulnerabilidad afecta a Firefox ESR en versiones anteriores a la 60.3 y Thunderbird en versiones anteriores a la 60.3.\"}]",
      "id": "CVE-2018-12389",
      "lastModified": "2024-11-21T03:45:07.307",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2019-02-28T18:29:00.320",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/105723\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/105769\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1041944\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3005\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3006\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3531\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3532\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1498460%2C1499198\", \"source\": \"security@mozilla.org\", \"tags\": [\"Broken Link\", \"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201811-04\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201811-13\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3868-1/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4324\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4337\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-27/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-28/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/105723\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/105769\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1041944\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3005\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3006\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3531\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3532\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1498460%2C1499198\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201811-04\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201811-13\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3868-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4324\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4337\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-27/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-28/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@mozilla.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-12389\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2019-02-28T18:29:00.320\",\"lastModified\":\"2025-11-25T17:50:16.803\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 60.3 and Thunderbird \u003c 60.3.\"},{\"lang\":\"es\",\"value\":\"Los desarrolladores de Mozilla y los miembros de la comunidad reportaron problemas de seguridad existentes en Firefox ESR 60.2. Algunos de estos errores mostraban evidencias de corrupci\u00f3n de memoria y se cree que, con el esfuerzo necesario, se podr\u00edan explotar para ejecutar c\u00f3digo arbitrario. La vulnerabilidad afecta a Firefox ESR en versiones anteriores a la 60.3 y Thunderbird en versiones anteriores a la 60.3.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"60.3.0\",\"matchCriteriaId\":\"411B1F46-93E8-4CC5-ADCB-808E89B467E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"60.3.0\",\"matchCriteriaId\":\"B8C6DDE1-D17F-49AB-9521-C79D5B4618BD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07C312A0-CD2C-4B9C-B064-6409B25C278F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B353CE99-D57C-465B-AAB0-73EF581127D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF77CDCF-B9C9-427D-B2BF-36650FB2148C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105723\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/105769\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041944\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3005\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3006\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3531\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3532\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1498460%2C1499198\",\"source\":\"security@mozilla.org\",\"tags\":[\"Broken Link\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201811-04\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201811-13\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3868-1/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4324\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4337\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-27/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-28/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/105723\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/105769\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041944\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3005\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3006\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3531\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3532\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1498460%2C1499198\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201811-04\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201811-13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3868-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4324\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4337\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-27/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-28/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

SUSE-SU-2018:3749-3

Vulnerability from csaf_suse - Published: 2019-04-27 16:09 - Updated: 2019-04-27 16:09

Summary

Security update for MozillaFirefox

Severity

Important

Notes

Title of the patch: Security update for MozillaFirefox

Description of the patch: This update for MozillaFirefox fixes the following issues: Security issues fixed: - Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 (bsc#1112852) - CVE-2018-12392: Crash with nested event loops. - CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript. - CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting. - CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts. - CVE-2018-12397: WebExtension local file access vulnerability. - CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3. - CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3.

Patchnames: SUSE-SLE-SAP-12-SP1-2019-1079

CVE-2018-12389

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2018-12390

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2018-12392

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2018-12393

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2018-12395

6.1 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2018-12396

6.1 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2018-12397

6.1 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64	—	Vendor Fix

Threats

Impact important

References

26 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1112852	self
https://www.suse.com/security/cve/CVE-2018-12389/	self
https://www.suse.com/security/cve/CVE-2018-12390/	self
https://www.suse.com/security/cve/CVE-2018-12392/	self
https://www.suse.com/security/cve/CVE-2018-12393/	self
https://www.suse.com/security/cve/CVE-2018-12395/	self
https://www.suse.com/security/cve/CVE-2018-12396/	self
https://www.suse.com/security/cve/CVE-2018-12397/	self
https://www.suse.com/security/cve/CVE-2018-12389	external
https://bugzilla.suse.com/1112852	external
https://www.suse.com/security/cve/CVE-2018-12390	external
https://bugzilla.suse.com/1112852	external
https://www.suse.com/security/cve/CVE-2018-12392	external
https://bugzilla.suse.com/1112852	external
https://www.suse.com/security/cve/CVE-2018-12393	external
https://bugzilla.suse.com/1112852	external
https://www.suse.com/security/cve/CVE-2018-12395	external
https://bugzilla.suse.com/1112852	external
https://www.suse.com/security/cve/CVE-2018-12396	external
https://bugzilla.suse.com/1112852	external
https://www.suse.com/security/cve/CVE-2018-12397	external
https://bugzilla.suse.com/1112852	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for MozillaFirefox",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for MozillaFirefox fixes the following issues:\n\nSecurity issues fixed:\n\n- Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 (bsc#1112852)\n- CVE-2018-12392: Crash with nested event loops.\n- CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript.\n- CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting.\n- CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts.\n- CVE-2018-12397: WebExtension local file access vulnerability.\n- CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3.\n- CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3.\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-SAP-12-SP1-2019-1079",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3749-3.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2018:3749-3",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183749-3/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2018:3749-3",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2019-April/005382.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1112852",
        "url": "https://bugzilla.suse.com/1112852"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12389 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12389/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12390 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12390/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12392 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12392/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12393 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12393/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12395 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12395/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12396 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12396/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12397 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12397/"
      }
    ],
    "title": "Security update for MozillaFirefox",
    "tracking": {
      "current_release_date": "2019-04-27T16:09:30Z",
      "generator": {
        "date": "2019-04-27T16:09:30Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2018:3749-3",
      "initial_release_date": "2019-04-27T16:09:30Z",
      "revision_history": [
        {
          "date": "2019-04-27T16:09:30Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-60.3.0-109.50.2.x86_64",
                "product": {
                  "name": "MozillaFirefox-60.3.0-109.50.2.x86_64",
                  "product_id": "MozillaFirefox-60.3.0-109.50.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
                "product": {
                  "name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
                  "product_id": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
                "product": {
                  "name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
                  "product_id": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64"
        },
        "product_reference": "MozillaFirefox-60.3.0-109.50.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
        },
        "product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
        },
        "product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-12389",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12389"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 60.3 and Thunderbird \u003c 60.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12389",
          "url": "https://www.suse.com/security/cve/CVE-2018-12389"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112852 for CVE-2018-12389",
          "url": "https://bugzilla.suse.com/1112852"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-27T16:09:30Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-12389"
    },
    {
      "cve": "CVE-2018-12390",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12390"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12390",
          "url": "https://www.suse.com/security/cve/CVE-2018-12390"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112852 for CVE-2018-12390",
          "url": "https://bugzilla.suse.com/1112852"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-27T16:09:30Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-12390"
    },
    {
      "cve": "CVE-2018-12392",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12392"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12392",
          "url": "https://www.suse.com/security/cve/CVE-2018-12392"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112852 for CVE-2018-12392",
          "url": "https://bugzilla.suse.com/1112852"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-27T16:09:30Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-12392"
    },
    {
      "cve": "CVE-2018-12393",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12393"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12393",
          "url": "https://www.suse.com/security/cve/CVE-2018-12393"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112852 for CVE-2018-12393",
          "url": "https://bugzilla.suse.com/1112852"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-27T16:09:30Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-12393"
    },
    {
      "cve": "CVE-2018-12395",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12395"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12395",
          "url": "https://www.suse.com/security/cve/CVE-2018-12395"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112852 for CVE-2018-12395",
          "url": "https://bugzilla.suse.com/1112852"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-27T16:09:30Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-12395"
    },
    {
      "cve": "CVE-2018-12396",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12396"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12396",
          "url": "https://www.suse.com/security/cve/CVE-2018-12396"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112852 for CVE-2018-12396",
          "url": "https://bugzilla.suse.com/1112852"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-27T16:09:30Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-12396"
    },
    {
      "cve": "CVE-2018-12397",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12397"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A WebExtension can request access to local files without the warning prompt stating that the extension will \"Access your data for all websites\" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12397",
          "url": "https://www.suse.com/security/cve/CVE-2018-12397"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112852 for CVE-2018-12397",
          "url": "https://bugzilla.suse.com/1112852"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-27T16:09:30Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-12397"
    }
  ]
}

SUSE-SU-2018:3769-1

Vulnerability from csaf_suse - Published: 2018-11-14 13:15 - Updated: 2018-11-14 13:15

Summary

Security update for MozillaThunderbird

Severity

Important

Notes

Title of the patch: Security update for MozillaThunderbird

Description of the patch: This update for MozillaThunderbird fixes the following issues: Thunderbird 63 ESR was updated to version 60.3.0 to fix the following issues (bsc#1112852): Security issues fixed (MFSA 2018-28): - CVE-2018-12389: Fixed memory safety bugs. - CVE-2018-12390: Fixed memory safety bugs. - CVE-2018-12391: Fixed HTTP Live Stream audio data is accessible cross-origin. - CVE-2018-12392: Fixed crash with nested event loops. - CVE-2018-12393: Fixed integer overflow during Unicode conversion while loading JavaScript. Non-security issues fixed: - various theme fixes - Shift+PageUp/PageDown in Write window - Gloda attachment filtering - Mailing list address auto-complete enter/return handling - Thunderbird hung if HTML signature references non-existent image - Filters not working for headers that appear more than once - Update _constraints for armv6/7 - Add memory-constraints to avoid OOM errors

Patchnames: SUSE-SLE-Product-WE-15-2018-2660

CVE-2018-12389

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2018-12390

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2018-12391

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2018-12392

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2018-12393

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64	—	Vendor Fix

Threats

Impact important

References

20 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1112852	self
https://www.suse.com/security/cve/CVE-2018-12389/	self
https://www.suse.com/security/cve/CVE-2018-12390/	self
https://www.suse.com/security/cve/CVE-2018-12391/	self
https://www.suse.com/security/cve/CVE-2018-12392/	self
https://www.suse.com/security/cve/CVE-2018-12393/	self
https://www.suse.com/security/cve/CVE-2018-12389	external
https://bugzilla.suse.com/1112852	external
https://www.suse.com/security/cve/CVE-2018-12390	external
https://bugzilla.suse.com/1112852	external
https://www.suse.com/security/cve/CVE-2018-12391	external
https://bugzilla.suse.com/1112852	external
https://www.suse.com/security/cve/CVE-2018-12392	external
https://bugzilla.suse.com/1112852	external
https://www.suse.com/security/cve/CVE-2018-12393	external
https://bugzilla.suse.com/1112852	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for MozillaThunderbird",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for MozillaThunderbird fixes the following issues:\n\nThunderbird 63 ESR was updated to version 60.3.0 to fix the following issues (bsc#1112852):\n\nSecurity issues fixed (MFSA 2018-28):\n\n- CVE-2018-12389: Fixed memory safety bugs.\n- CVE-2018-12390: Fixed memory safety bugs.\n- CVE-2018-12391: Fixed HTTP Live Stream audio data is accessible cross-origin.\n- CVE-2018-12392: Fixed crash with nested event loops.\n- CVE-2018-12393: Fixed integer overflow during Unicode conversion while loading JavaScript.\n\nNon-security issues fixed:\n\n- various theme fixes\n- Shift+PageUp/PageDown in Write window\n- Gloda attachment filtering\n- Mailing list address auto-complete enter/return handling\n- Thunderbird hung if HTML signature references non-existent image\n- Filters not working for headers that appear more than once\n- Update _constraints for armv6/7\n- Add memory-constraints to avoid OOM errors\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-Product-WE-15-2018-2660",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3769-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2018:3769-1",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183769-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2018:3769-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-November/004851.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1112852",
        "url": "https://bugzilla.suse.com/1112852"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12389 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12389/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12390 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12390/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12391 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12391/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12392 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12392/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12393 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12393/"
      }
    ],
    "title": "Security update for MozillaThunderbird",
    "tracking": {
      "current_release_date": "2018-11-14T13:15:48Z",
      "generator": {
        "date": "2018-11-14T13:15:48Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2018:3769-1",
      "initial_release_date": "2018-11-14T13:15:48Z",
      "revision_history": [
        {
          "date": "2018-11-14T13:15:48Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaThunderbird-60.3.0-3.17.2.x86_64",
                "product": {
                  "name": "MozillaThunderbird-60.3.0-3.17.2.x86_64",
                  "product_id": "MozillaThunderbird-60.3.0-3.17.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
                "product": {
                  "name": "MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
                  "product_id": "MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64",
                "product": {
                  "name": "MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64",
                  "product_id": "MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Workstation Extension 15",
                "product": {
                  "name": "SUSE Linux Enterprise Workstation Extension 15",
                  "product_id": "SUSE Linux Enterprise Workstation Extension 15",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-we:15"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-60.3.0-3.17.2.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15",
          "product_id": "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64"
        },
        "product_reference": "MozillaThunderbird-60.3.0-3.17.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15",
          "product_id": "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64"
        },
        "product_reference": "MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15",
          "product_id": "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
        },
        "product_reference": "MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-12389",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12389"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 60.3 and Thunderbird \u003c 60.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64",
          "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
          "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12389",
          "url": "https://www.suse.com/security/cve/CVE-2018-12389"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112852 for CVE-2018-12389",
          "url": "https://bugzilla.suse.com/1112852"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64",
            "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
            "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64",
            "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
            "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-11-14T13:15:48Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-12389"
    },
    {
      "cve": "CVE-2018-12390",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12390"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64",
          "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
          "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12390",
          "url": "https://www.suse.com/security/cve/CVE-2018-12390"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112852 for CVE-2018-12390",
          "url": "https://bugzilla.suse.com/1112852"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64",
            "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
            "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64",
            "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
            "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-11-14T13:15:48Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-12390"
    },
    {
      "cve": "CVE-2018-12391",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12391"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64",
          "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
          "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12391",
          "url": "https://www.suse.com/security/cve/CVE-2018-12391"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112852 for CVE-2018-12391",
          "url": "https://bugzilla.suse.com/1112852"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64",
            "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
            "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64",
            "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
            "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-11-14T13:15:48Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-12391"
    },
    {
      "cve": "CVE-2018-12392",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12392"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64",
          "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
          "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12392",
          "url": "https://www.suse.com/security/cve/CVE-2018-12392"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112852 for CVE-2018-12392",
          "url": "https://bugzilla.suse.com/1112852"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64",
            "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
            "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64",
            "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
            "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-11-14T13:15:48Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-12392"
    },
    {
      "cve": "CVE-2018-12393",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12393"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64",
          "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
          "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12393",
          "url": "https://www.suse.com/security/cve/CVE-2018-12393"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112852 for CVE-2018-12393",
          "url": "https://bugzilla.suse.com/1112852"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64",
            "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
            "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64",
            "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
            "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-11-14T13:15:48Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-12393"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-12389 (GCVE-0-2018-12389)

SUSE-SU-2018:3749-3

SUSE-SU-2018:3769-1

Tags

Sightings

Nomenclature