Vulnerability-Lookup

CVE-2018-5104 (GCVE-0-2018-5104)

Vulnerability from cvelistv5 – Published: 2018-06-11 21:00 – Updated: 2024-08-05 05:26

Summary

A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

Severity ?

No CVSS data available.

CWE

Use-after-free during font face manipulation

Assigner

mozilla

References

13 references

URL	Tags
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_CONFIRM
http://www.securitytracker.com/id/1040270	vdb-entryx_refsource_SECTRACK
https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
http://www.securityfocus.com/bid/102783	vdb-entryx_refsource_BID
https://www.debian.org/security/2018/dsa-4096	vendor-advisoryx_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0262	vendor-advisoryx_refsource_REDHAT
https://usn.ubuntu.com/3544-1/	vendor-advisoryx_refsource_UBUNTU
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:0122	vendor-advisoryx_refsource_REDHAT
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
https://www.debian.org/security/2018/dsa-4102	vendor-advisoryx_refsource_DEBIAN
https://bugzilla.mozilla.org/show_bug.cgi?id=1425000	x_refsource_CONFIRM

Impacted products

3 products

Vendor	Product	Version
Mozilla	Thunderbird	Affected: unspecified , < 52.6 (custom)
Mozilla	Firefox ESR	Affected: unspecified , < 52.6 (custom)
Mozilla	Firefox	Affected: unspecified , < 58 (custom)

Date Public ?

2018-01-23 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:26:46.991Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-03/"
          },
          {
            "name": "1040270",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040270"
          },
          {
            "name": "[debian-lts-announce] 20180129 [SECURITY] [DLA 1262-1] thunderbird security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html"
          },
          {
            "name": "102783",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102783"
          },
          {
            "name": "DSA-4096",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4096"
          },
          {
            "name": "RHSA-2018:0262",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0262"
          },
          {
            "name": "USN-3544-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3544-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-04/"
          },
          {
            "name": "RHSA-2018:0122",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0122"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-02/"
          },
          {
            "name": "[debian-lts-announce] 20180124 [SECURITY] [DLA 1256-1] firefox-esr security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html"
          },
          {
            "name": "DSA-4102",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4102"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1425000"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "52.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "52.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "58",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-01-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use-after-free during font face manipulation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-12T09:57:01.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2018-03/"
        },
        {
          "name": "1040270",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040270"
        },
        {
          "name": "[debian-lts-announce] 20180129 [SECURITY] [DLA 1262-1] thunderbird security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html"
        },
        {
          "name": "102783",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102783"
        },
        {
          "name": "DSA-4096",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4096"
        },
        {
          "name": "RHSA-2018:0262",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0262"
        },
        {
          "name": "USN-3544-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3544-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2018-04/"
        },
        {
          "name": "RHSA-2018:0122",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0122"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2018-02/"
        },
        {
          "name": "[debian-lts-announce] 20180124 [SECURITY] [DLA 1256-1] firefox-esr security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html"
        },
        {
          "name": "DSA-4102",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4102"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1425000"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2018-5104",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "52.6"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "52.6"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "58"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Use-after-free during font face manipulation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2018-03/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2018-03/"
            },
            {
              "name": "1040270",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040270"
            },
            {
              "name": "[debian-lts-announce] 20180129 [SECURITY] [DLA 1262-1] thunderbird security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html"
            },
            {
              "name": "102783",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102783"
            },
            {
              "name": "DSA-4096",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4096"
            },
            {
              "name": "RHSA-2018:0262",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0262"
            },
            {
              "name": "USN-3544-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3544-1/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2018-04/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2018-04/"
            },
            {
              "name": "RHSA-2018:0122",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0122"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2018-02/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2018-02/"
            },
            {
              "name": "[debian-lts-announce] 20180124 [SECURITY] [DLA 1256-1] firefox-esr security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html"
            },
            {
              "name": "DSA-4102",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4102"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1425000",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1425000"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2018-5104",
    "datePublished": "2018-06-11T21:00:00.000Z",
    "dateReserved": "2018-01-03T00:00:00.000Z",
    "dateUpdated": "2024-08-05T05:26:46.991Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2018-5104",
      "date": "2026-05-19",
      "epss": "0.24112",
      "percentile": "0.96141"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16F59A04-14CF-49E2-9973-645477EA09DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33C068A4-3780-4EAB-A937-6082DF847564\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BBCD86A-E6C7-4444-9D74-F861084090F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51EF4996-72F4-4FA4-814F-F5991E7A8318\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D99A687E-EAE6-417E-A88E-D0082BC194CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"58.0\", \"matchCriteriaId\": \"FF7F3816-EA18-400D-BA82-94F233EF1082\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"52.6.0\", \"matchCriteriaId\": \"DFBC18A1-B9C1-4C7B-AFAB-4480F290DBD9\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"52.6.0\", \"matchCriteriaId\": \"59FA92DA-EBD7-4C6E-9E5D-1F3F08BAF25D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"B5A6F2F3-4894-4392-8296-3B8DD2679084\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9070C9D8-A14A-467F-8253-33B966C16886\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.\"}, {\"lang\": \"es\", \"value\": \"Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada durante la manipulaci\\u00f3n de font-face cuando una regla font face se libera mientras se utiliza, resultando en un cierre inesperado potencialmente explotable. Esta vulnerabilidad afecta a las versiones anteriores a la 52.6 de Thunderbird, las versiones anteriores a la 52.6 de Firefox ESR y las versiones anteriores a la 58 de Firefox.\"}]",
      "id": "CVE-2018-5104",
      "lastModified": "2024-11-21T04:08:06.790",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-06-11T21:29:12.953",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/102783\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1040270\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0122\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0262\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1425000\", \"source\": \"security@mozilla.org\", \"tags\": [\"Issue Tracking\", \"Permissions Required\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3544-1/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4096\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4102\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-02/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-03/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-04/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/102783\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1040270\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0122\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0262\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1425000\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Permissions Required\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3544-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4096\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4102\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-02/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-03/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-04/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@mozilla.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-5104\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2018-06-11T21:29:12.953\",\"lastModified\":\"2025-11-25T17:50:16.803\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.\"},{\"lang\":\"es\",\"value\":\"Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada durante la manipulaci\u00f3n de font-face cuando una regla font face se libera mientras se utiliza, resultando en un cierre inesperado potencialmente explotable. Esta vulnerabilidad afecta a las versiones anteriores a la 52.6 de Thunderbird, las versiones anteriores a la 52.6 de Firefox ESR y las versiones anteriores a la 58 de Firefox.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D99A687E-EAE6-417E-A88E-D0082BC194CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"58.0\",\"matchCriteriaId\":\"FF7F3816-EA18-400D-BA82-94F233EF1082\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"52.6.0\",\"matchCriteriaId\":\"0EFA7D9A-6497-4FF8-9A18-4EBCAAB755D5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"52.6.0\",\"matchCriteriaId\":\"59FA92DA-EBD7-4C6E-9E5D-1F3F08BAF25D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9070C9D8-A14A-467F-8253-33B966C16886\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/102783\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040270\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0122\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0262\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1425000\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3544-1/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4096\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4102\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-02/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-03/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-04/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/102783\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040270\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0122\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0262\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1425000\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3544-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4096\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4102\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-02/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-03/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-04/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2018-AVI-052

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Mozilla Firefox. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox	Firefox versions antérieures à 58
	Mozilla	Firefox	Firefox ESR versions antérieures à 52.6

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2018-03 du 23 janvier 2018	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2018-02 du 23 janvier 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 58",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 52.6",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-5096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5096"
    },
    {
      "name": "CVE-2018-5092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5092"
    },
    {
      "name": "CVE-2018-5118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5118"
    },
    {
      "name": "CVE-2018-5105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5105"
    },
    {
      "name": "CVE-2018-5109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5109"
    },
    {
      "name": "CVE-2018-5112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5112"
    },
    {
      "name": "CVE-2018-5097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5097"
    },
    {
      "name": "CVE-2018-5103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5103"
    },
    {
      "name": "CVE-2018-5101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5101"
    },
    {
      "name": "CVE-2018-5121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5121"
    },
    {
      "name": "CVE-2018-5115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5115"
    },
    {
      "name": "CVE-2018-5107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5107"
    },
    {
      "name": "CVE-2018-5110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5110"
    },
    {
      "name": "CVE-2018-5093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5093"
    },
    {
      "name": "CVE-2018-5089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5089"
    },
    {
      "name": "CVE-2018-5104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5104"
    },
    {
      "name": "CVE-2018-5117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5117"
    },
    {
      "name": "CVE-2018-5122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5122"
    },
    {
      "name": "CVE-2018-5116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5116"
    },
    {
      "name": "CVE-2018-5090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5090"
    },
    {
      "name": "CVE-2018-5100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5100"
    },
    {
      "name": "CVE-2018-5119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5119"
    },
    {
      "name": "CVE-2018-5108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5108"
    },
    {
      "name": "CVE-2018-5098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5098"
    },
    {
      "name": "CVE-2018-5095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5095"
    },
    {
      "name": "CVE-2018-5094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5094"
    },
    {
      "name": "CVE-2018-5111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5111"
    },
    {
      "name": "CVE-2018-5106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5106"
    },
    {
      "name": "CVE-2018-5102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5102"
    },
    {
      "name": "CVE-2018-5113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5113"
    },
    {
      "name": "CVE-2018-5114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5114"
    },
    {
      "name": "CVE-2018-5099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5099"
    },
    {
      "name": "CVE-2018-5091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5091"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-052",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-01-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-03 du 23 janvier 2018",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-02 du 23 janvier 2018",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/"
    }
  ]
}

CERTFR-2018-AVI-058

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2018-04 du 25 janvier 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-5096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5096"
    },
    {
      "name": "CVE-2018-5097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5097"
    },
    {
      "name": "CVE-2018-5103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5103"
    },
    {
      "name": "CVE-2018-5089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5089"
    },
    {
      "name": "CVE-2018-5104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5104"
    },
    {
      "name": "CVE-2018-5117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5117"
    },
    {
      "name": "CVE-2018-5098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5098"
    },
    {
      "name": "CVE-2018-5095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5095"
    },
    {
      "name": "CVE-2018-5102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5102"
    },
    {
      "name": "CVE-2018-5099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5099"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-058",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-01-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-04 du 25 janvier 2018",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/"
    }
  ]
}

CERTFR-2018-AVI-052

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox	Firefox versions antérieures à 58
	Mozilla	Firefox	Firefox ESR versions antérieures à 52.6

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2018-03 du 23 janvier 2018	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2018-02 du 23 janvier 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 58",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 52.6",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-5096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5096"
    },
    {
      "name": "CVE-2018-5092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5092"
    },
    {
      "name": "CVE-2018-5118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5118"
    },
    {
      "name": "CVE-2018-5105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5105"
    },
    {
      "name": "CVE-2018-5109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5109"
    },
    {
      "name": "CVE-2018-5112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5112"
    },
    {
      "name": "CVE-2018-5097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5097"
    },
    {
      "name": "CVE-2018-5103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5103"
    },
    {
      "name": "CVE-2018-5101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5101"
    },
    {
      "name": "CVE-2018-5121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5121"
    },
    {
      "name": "CVE-2018-5115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5115"
    },
    {
      "name": "CVE-2018-5107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5107"
    },
    {
      "name": "CVE-2018-5110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5110"
    },
    {
      "name": "CVE-2018-5093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5093"
    },
    {
      "name": "CVE-2018-5089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5089"
    },
    {
      "name": "CVE-2018-5104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5104"
    },
    {
      "name": "CVE-2018-5117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5117"
    },
    {
      "name": "CVE-2018-5122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5122"
    },
    {
      "name": "CVE-2018-5116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5116"
    },
    {
      "name": "CVE-2018-5090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5090"
    },
    {
      "name": "CVE-2018-5100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5100"
    },
    {
      "name": "CVE-2018-5119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5119"
    },
    {
      "name": "CVE-2018-5108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5108"
    },
    {
      "name": "CVE-2018-5098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5098"
    },
    {
      "name": "CVE-2018-5095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5095"
    },
    {
      "name": "CVE-2018-5094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5094"
    },
    {
      "name": "CVE-2018-5111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5111"
    },
    {
      "name": "CVE-2018-5106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5106"
    },
    {
      "name": "CVE-2018-5102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5102"
    },
    {
      "name": "CVE-2018-5113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5113"
    },
    {
      "name": "CVE-2018-5114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5114"
    },
    {
      "name": "CVE-2018-5099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5099"
    },
    {
      "name": "CVE-2018-5091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5091"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-052",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-01-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-03 du 23 janvier 2018",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-02 du 23 janvier 2018",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/"
    }
  ]
}

CERTFR-2018-AVI-058

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2018-04 du 25 janvier 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-5096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5096"
    },
    {
      "name": "CVE-2018-5097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5097"
    },
    {
      "name": "CVE-2018-5103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5103"
    },
    {
      "name": "CVE-2018-5089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5089"
    },
    {
      "name": "CVE-2018-5104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5104"
    },
    {
      "name": "CVE-2018-5117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5117"
    },
    {
      "name": "CVE-2018-5098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5098"
    },
    {
      "name": "CVE-2018-5095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5095"
    },
    {
      "name": "CVE-2018-5102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5102"
    },
    {
      "name": "CVE-2018-5099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5099"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-058",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-01-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-04 du 25 janvier 2018",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/"
    }
  ]
}

BDU:2021-00067

Vulnerability from fstec - Published: 11.06.2018

Title

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c использованием после освобождениям, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность

Description

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird связана c использованием после освобождения. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, получить несанкционированный доступ к информации и нарушить ее целостность и доступность

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

ООО «РусБИТех-Астра», Red Hat Inc., Canonical Ltd., Сообщество свободного программного обеспечения, Mozilla Corp.

Software Name

Astra Linux Special Edition (запись в едином реестре российских программ №369), Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, Firefox, Firefox ESR, Thunderbird

Software Version

1.5 «Смоленск» (Astra Linux Special Edition), 6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 17.10 (Ubuntu), до 58 (Firefox), 14.04 ESM (Ubuntu), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), до 52.6.0 (Firefox ESR), до 52.6.0 (Thunderbird)

Possible Mitigations

Использование рекомендаций: Для firefox: Обновление программного обеспечения до 76.0.1-2 или более поздней версии Для firefox-esr: Обновление программного обеспечения до 68.8.0esr-1~deb10u1 или более поздней версии Для thunderbird: Обновление программного обеспечения до 1:68.8.0-1~deb10u1 или более поздней версии Для Debian: Обновление программного обеспечения (пакета firefox) до 76.0.1-2 или более поздней версии, (пакета firefox-esr) до 68.8.0esr-1~deb10u1 или более поздней версии, (пакета thunderbird) до 1:68.8.0-1~deb10u1 или более поздней версии Для Astra Linux: Обновление программного обеспечения (пакета firefox) до 76.0.1-2 или более поздней версии, (пакета firefox-esr) до 68.8.0esr-1~deb10u1 или более поздней версии, (пакета thunderbird) до 1:68.8.0-1~deb10u1 или более поздней версии Для программных продуктов Red Hat Inc.: https://access.redhat.com/errata/RHSA-2018:0262 Для Ubuntu: https://ubuntu.com/security/notices/USN-3544-1

Reference

https://access.redhat.com/errata/RHSA-2018:0262 https://ubuntu.com/security/notices/USN-3544-1 https://www.mozilla.org/security/advisories/mfsa2018-02/ https://www.mozilla.org/security/advisories/mfsa2018-03/ https://www.mozilla.org/security/advisories/mfsa2018-04/ https://nvd.nist.gov/vuln/detail/CVE-2018-5104 https://security-tracker.debian.org/tracker/CVE-2018-5104 https://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15

CWE

CWE-416

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Red Hat Inc., Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Mozilla Corp.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 17.10 (Ubuntu), \u0434\u043e 58 (Firefox), 14.04 ESM (Ubuntu), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), \u0434\u043e 52.6.0 (Firefox ESR), \u0434\u043e 52.6.0 (Thunderbird)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f firefox:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 76.0.1-2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f firefox-esr:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 68.8.0esr-1~deb10u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f thunderbird:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 1:68.8.0-1~deb10u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Debian:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 firefox) \u0434\u043e 76.0.1-2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, (\u043f\u0430\u043a\u0435\u0442\u0430 firefox-esr) \u0434\u043e 68.8.0esr-1~deb10u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, (\u043f\u0430\u043a\u0435\u0442\u0430 thunderbird) \u0434\u043e 1:68.8.0-1~deb10u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Astra Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 firefox) \u0434\u043e 76.0.1-2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, (\u043f\u0430\u043a\u0435\u0442\u0430 firefox-esr) \u0434\u043e 68.8.0esr-1~deb10u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, (\u043f\u0430\u043a\u0435\u0442\u0430 thunderbird) \u0434\u043e 1:68.8.0-1~deb10u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/errata/RHSA-2018:0262\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/notices/USN-3544-1",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.06.2018",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "13.01.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "13.01.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-00067",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-5104",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, Firefox, Firefox ESR, Thunderbird",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 6 , Red Hat Inc. Red Hat Enterprise Linux 7 , Canonical Ltd. Ubuntu 16.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 17.10 , Canonical Ltd. Ubuntu 14.04 ESM , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Firefox, Firefox ESR \u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f\u043c, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0435\u0435 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (CWE-416)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Firefox, Firefox ESR \u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird \u0441\u0432\u044f\u0437\u0430\u043d\u0430 c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0435\u0435 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://access.redhat.com/errata/RHSA-2018:0262\nhttps://ubuntu.com/security/notices/USN-3544-1\nhttps://www.mozilla.org/security/advisories/mfsa2018-02/\nhttps://www.mozilla.org/security/advisories/mfsa2018-03/\nhttps://www.mozilla.org/security/advisories/mfsa2018-04/\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5104\nhttps://security-tracker.debian.org/tracker/CVE-2018-5104 \nhttps://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-416",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

CNVD-2018-02646

Vulnerability from cnvd - Published: 2018-02-02

Title

Mozilla Firefox和Firefox ESR内存错误引用漏洞（CNVD-2018-02646）

Description

Mozilla Firefox和Firefox ESR都是美国Mozilla基金会开发的浏览器产品。Firefox是一款开源Web浏览器；Firefox ESR是Firefox的一个延长支持版本。 Mozilla Firefox 58之前版本和Firefox ESR 52.6之前版本中存在内存错误引用漏洞。远程攻击者可利用该漏洞造成拒绝服务（崩溃）。

Severity

中

Patch Name

Mozilla Firefox和Firefox ESR内存错误引用漏洞（CNVD-2018-02646）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/

Reference

http://www.securityfocus.com/bid/102783

Impacted products

Name
['Mozilla Firefox <58', 'Mozilla Firefox ESR <52.6']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-5104"
    }
  },
  "description": "Mozilla Firefox\u548cFirefox ESR\u90fd\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u5f00\u53d1\u7684\u6d4f\u89c8\u5668\u4ea7\u54c1\u3002Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\uff1bFirefox ESR\u662fFirefox\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002\r\n\r\nMozilla Firefox 58\u4e4b\u524d\u7248\u672c\u548cFirefox ESR 52.6\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5d29\u6e83\uff09\u3002",
  "discovererName": "Nils",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-02/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-02646",
  "openTime": "2018-02-02",
  "patchDescription": "Mozilla Firefox\u548cFirefox ESR\u90fd\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u5f00\u53d1\u7684\u6d4f\u89c8\u5668\u4ea7\u54c1\u3002Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\uff1bFirefox ESR\u662fFirefox\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002\r\n\r\nMozilla Firefox 58\u4e4b\u524d\u7248\u672c\u548cFirefox ESR 52.6\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5d29\u6e83\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Mozilla Firefox\u548cFirefox ESR\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\uff08CNVD-2018-02646\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Mozilla Firefox \u003c58",
      "Mozilla Firefox ESR \u003c52.6"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/102783",
  "serverity": "\u4e2d",
  "submitTime": "2018-01-25",
  "title": "Mozilla Firefox\u548cFirefox ESR\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\uff08CNVD-2018-02646\uff09"
}

FKIE_CVE-2018-5104

Vulnerability from fkie_nvd - Published: 2018-06-11 21:29 - Updated: 2025-11-25 17:50

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@mozilla.org	http://www.securityfocus.com/bid/102783	Third Party Advisory, VDB Entry
security@mozilla.org	http://www.securitytracker.com/id/1040270	Third Party Advisory, VDB Entry
security@mozilla.org	https://access.redhat.com/errata/RHSA-2018:0122	Third Party Advisory
security@mozilla.org	https://access.redhat.com/errata/RHSA-2018:0262	Third Party Advisory
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1425000	Issue Tracking, Permissions Required, Third Party Advisory
security@mozilla.org	https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html	Third Party Advisory
security@mozilla.org	https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html	Third Party Advisory
security@mozilla.org	https://usn.ubuntu.com/3544-1/	Third Party Advisory
security@mozilla.org	https://www.debian.org/security/2018/dsa-4096	Third Party Advisory
security@mozilla.org	https://www.debian.org/security/2018/dsa-4102	Third Party Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2018-02/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2018-03/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2018-04/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102783	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040270	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:0122	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:0262	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=1425000	Issue Tracking, Permissions Required, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/3544-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2018/dsa-4096	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2018/dsa-4102	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2018-02/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2018-03/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2018-04/	Vendor Advisory

Impacted products

Vendor	Product	Version
debian	debian_linux	7.0
debian	debian_linux	8.0
debian	debian_linux	9.0
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_aus	7.4
redhat	enterprise_linux_server_eus	7.4
redhat	enterprise_linux_server_eus	7.5
redhat	enterprise_linux_workstation	6.0
redhat	enterprise_linux_workstation	7.0
mozilla	firefox	*
mozilla	firefox	*
mozilla	thunderbird	*
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	17.10

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF7F3816-EA18-400D-BA82-94F233EF1082",
              "versionEndExcluding": "58.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EFA7D9A-6497-4FF8-9A18-4EBCAAB755D5",
              "versionEndExcluding": "52.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59FA92DA-EBD7-4C6E-9E5D-1F3F08BAF25D",
              "versionEndExcluding": "52.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58."
    },
    {
      "lang": "es",
      "value": "Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada durante la manipulaci\u00f3n de font-face cuando una regla font face se libera mientras se utiliza, resultando en un cierre inesperado potencialmente explotable. Esta vulnerabilidad afecta a las versiones anteriores a la 52.6 de Thunderbird, las versiones anteriores a la 52.6 de Firefox ESR y las versiones anteriores a la 58 de Firefox."
    }
  ],
  "id": "CVE-2018-5104",
  "lastModified": "2025-11-25T17:50:16.803",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-11T21:29:12.953",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102783"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040270"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0122"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0262"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1425000"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3544-1/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4096"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4102"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-02/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-03/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-04/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102783"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040270"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0262"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1425000"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3544-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4096"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4102"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-02/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-03/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-04/"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-W2H2-6MFQ-PG77

Vulnerability from github – Published: 2022-05-14 03:10 – Updated: 2025-11-25 18:32

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-5104"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-11T21:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
  "id": "GHSA-w2h2-6mfq-pg77",
  "modified": "2025-11-25T18:32:11Z",
  "published": "2022-05-14T03:10:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5104"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0122"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0262"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1425000"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3544-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4096"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4102"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-02"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-03"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-04"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102783"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040270"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2018-5104

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-5104

Aliases

CVE-2018-5104

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-5104",
    "description": "A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
    "id": "GSD-2018-5104",
    "references": [
      "https://www.suse.com/security/cve/CVE-2018-5104.html",
      "https://www.debian.org/security/2018/dsa-4102",
      "https://www.debian.org/security/2018/dsa-4096",
      "https://access.redhat.com/errata/RHSA-2018:0262",
      "https://access.redhat.com/errata/RHSA-2018:0122",
      "https://ubuntu.com/security/CVE-2018-5104",
      "https://advisories.mageia.org/CVE-2018-5104.html",
      "https://linux.oracle.com/cve/CVE-2018-5104.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-5104"
      ],
      "details": "A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
      "id": "GSD-2018-5104",
      "modified": "2023-12-13T01:22:39.772865Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2018-5104",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Thunderbird",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "52.6"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Firefox ESR",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "52.6"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Firefox",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "58"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mozilla"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Use-after-free during font face manipulation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2018-03/",
            "refsource": "CONFIRM",
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-03/"
          },
          {
            "name": "1040270",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1040270"
          },
          {
            "name": "[debian-lts-announce] 20180129 [SECURITY] [DLA 1262-1] thunderbird security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html"
          },
          {
            "name": "102783",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/102783"
          },
          {
            "name": "DSA-4096",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2018/dsa-4096"
          },
          {
            "name": "RHSA-2018:0262",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:0262"
          },
          {
            "name": "USN-3544-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/3544-1/"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2018-04/",
            "refsource": "CONFIRM",
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-04/"
          },
          {
            "name": "RHSA-2018:0122",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:0122"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2018-02/",
            "refsource": "CONFIRM",
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-02/"
          },
          {
            "name": "[debian-lts-announce] 20180124 [SECURITY] [DLA 1256-1] firefox-esr security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html"
          },
          {
            "name": "DSA-4102",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2018/dsa-4102"
          },
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1425000",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1425000"
          }
        ]
      }
    },
    "mozilla.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2018-5104"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Thunderbird",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "52.6"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Firefox",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "58"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Firefox ESR",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "52.6"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mozilla"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox \u003c 58, and Firefox ESR \u003c 52.6."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Use-after-free during font face manipulation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-02/"
          },
          {
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-03/"
          },
          {
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-04/"
          },
          {
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1425000"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "58.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "52.6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "52.6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2018-5104"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2018-04/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2018-04/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2018-03/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2018-03/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2018-02/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2018-02/"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1425000",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Permissions Required",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1425000"
            },
            {
              "name": "DSA-4102",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4102"
            },
            {
              "name": "DSA-4096",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4096"
            },
            {
              "name": "USN-3544-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/3544-1/"
            },
            {
              "name": "[debian-lts-announce] 20180129 [SECURITY] [DLA 1262-1] thunderbird security update",
              "refsource": "MLIST",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html"
            },
            {
              "name": "[debian-lts-announce] 20180124 [SECURITY] [DLA 1256-1] firefox-esr security update",
              "refsource": "MLIST",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html"
            },
            {
              "name": "RHSA-2018:0262",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0262"
            },
            {
              "name": "RHSA-2018:0122",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0122"
            },
            {
              "name": "1040270",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1040270"
            },
            {
              "name": "102783",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/102783"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-08-03T16:57Z",
      "publishedDate": "2018-06-11T21:29Z"
    }
  }
}

OPENSUSE-SU-2018:0256-1

Vulnerability from csaf_opensuse - Published: 2018-01-27 21:50 - Updated: 2018-01-27 21:50

Summary

Security update for MozillaThunderbird

Severity

Important

Notes

Title of the patch: Security update for MozillaThunderbird

Description of the patch: This update for MozillaThunderbird to version 52.6 fixes several issues. These security issues were fixed: - CVE-2018-5095: Integer overflow in Skia library during edge builder allocation (bsc#1077291). - CVE-2018-5096: Use-after-free while editing form elements (bsc#1077291). - CVE-2018-5097: Use-after-free when source document is manipulated during XSLT (bsc#1077291). - CVE-2018-5098: Use-after-free while manipulating form input elements (bsc#1077291). - CVE-2018-5099: Use-after-free with widget listener (bsc#1077291). - CVE-2018-5102: Use-after-free in HTML media elements (bsc#1077291). - CVE-2018-5103: Use-after-free during mouse event handling (bsc#1077291). - CVE-2018-5104: Use-after-free during font face manipulation (bsc#1077291). - CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right (bsc#1077291). - CVE-2018-5089: Various memory safety bugs (bsc#1077291). These security issues were fixed: - Searching message bodies of messages in local folders, including filter and quick filter operations, not working reliably: Content not found in base64-encode message parts, non-ASCII text not found and false positives found. - Defective messages (without at least one expected header) not shown in IMAP folders but shown on mobile devices - Calendar: Unintended task deletion if numlock is enabled

Patchnames: openSUSE-2018-101

CVE-2018-5089

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2018-5095

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2018-5096

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2018-5097

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2018-5098

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2018-5099

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2018-5102

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2018-5103

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2018-5104

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2018-5117

6.1 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

35 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://bugzilla.suse.com/1077291	self
https://www.suse.com/security/cve/CVE-2018-5089/	self
https://www.suse.com/security/cve/CVE-2018-5095/	self
https://www.suse.com/security/cve/CVE-2018-5096/	self
https://www.suse.com/security/cve/CVE-2018-5097/	self
https://www.suse.com/security/cve/CVE-2018-5098/	self
https://www.suse.com/security/cve/CVE-2018-5099/	self
https://www.suse.com/security/cve/CVE-2018-5102/	self
https://www.suse.com/security/cve/CVE-2018-5103/	self
https://www.suse.com/security/cve/CVE-2018-5104/	self
https://www.suse.com/security/cve/CVE-2018-5117/	self
https://www.suse.com/security/cve/CVE-2018-5089	external
https://bugzilla.suse.com/1077291	external
https://www.suse.com/security/cve/CVE-2018-5095	external
https://bugzilla.suse.com/1077291	external
https://www.suse.com/security/cve/CVE-2018-5096	external
https://bugzilla.suse.com/1077291	external
https://www.suse.com/security/cve/CVE-2018-5097	external
https://bugzilla.suse.com/1077291	external
https://www.suse.com/security/cve/CVE-2018-5098	external
https://bugzilla.suse.com/1077291	external
https://www.suse.com/security/cve/CVE-2018-5099	external
https://bugzilla.suse.com/1077291	external
https://www.suse.com/security/cve/CVE-2018-5102	external
https://bugzilla.suse.com/1077291	external
https://www.suse.com/security/cve/CVE-2018-5103	external
https://bugzilla.suse.com/1077291	external
https://www.suse.com/security/cve/CVE-2018-5104	external
https://bugzilla.suse.com/1077291	external
https://www.suse.com/security/cve/CVE-2018-5117	external
https://bugzilla.suse.com/1077291	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for MozillaThunderbird",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for MozillaThunderbird  to version 52.6 fixes several issues.\n\nThese security issues were fixed:\n\n- CVE-2018-5095: Integer overflow in Skia library during edge builder\n  allocation (bsc#1077291).\n- CVE-2018-5096: Use-after-free while editing form elements (bsc#1077291).\n- CVE-2018-5097: Use-after-free when source document is manipulated during XSLT\n  (bsc#1077291).\n- CVE-2018-5098: Use-after-free while manipulating form input elements\n  (bsc#1077291).\n- CVE-2018-5099: Use-after-free with widget listener (bsc#1077291).\n- CVE-2018-5102: Use-after-free in HTML media elements (bsc#1077291).\n- CVE-2018-5103: Use-after-free during mouse event handling (bsc#1077291).\n- CVE-2018-5104: Use-after-free during font face manipulation (bsc#1077291).\n- CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right\n  (bsc#1077291).\n- CVE-2018-5089: Various memory safety bugs (bsc#1077291).\n\nThese security issues were fixed:\n\n- Searching message bodies of messages in local folders, including\n  filter and quick filter operations, not working reliably: Content\n  not found in base64-encode message parts, non-ASCII text not found\n  and false positives found.\n- Defective messages (without at least one expected header) not shown\n  in IMAP folders but shown on mobile devices\n- Calendar: Unintended task deletion if numlock is enabled\n  ",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2018-101",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2018_0256-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2018:0256-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BDMR3YENC7V5BUBRGJXWANWHWNBW46OF/#BDMR3YENC7V5BUBRGJXWANWHWNBW46OF"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2018:0256-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BDMR3YENC7V5BUBRGJXWANWHWNBW46OF/#BDMR3YENC7V5BUBRGJXWANWHWNBW46OF"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1077291",
        "url": "https://bugzilla.suse.com/1077291"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-5089 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-5089/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-5095 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-5095/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-5096 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-5096/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-5097 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-5097/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-5098 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-5098/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-5099 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-5099/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-5102 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-5102/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-5103 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-5103/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-5104 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-5104/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-5117 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-5117/"
      }
    ],
    "title": "Security update for MozillaThunderbird",
    "tracking": {
      "current_release_date": "2018-01-27T21:50:06Z",
      "generator": {
        "date": "2018-01-27T21:50:06Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2018:0256-1",
      "initial_release_date": "2018-01-27T21:50:06Z",
      "revision_history": [
        {
          "date": "2018-01-27T21:50:06Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaThunderbird-52.6-54.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-52.6-54.1.x86_64",
                  "product_id": "MozillaThunderbird-52.6-54.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
                  "product_id": "MozillaThunderbird-buildsymbols-52.6-54.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-devel-52.6-54.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-devel-52.6-54.1.x86_64",
                  "product_id": "MozillaThunderbird-devel-52.6-54.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-common-52.6-54.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-translations-common-52.6-54.1.x86_64",
                  "product_id": "MozillaThunderbird-translations-common-52.6-54.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-other-52.6-54.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-translations-other-52.6-54.1.x86_64",
                  "product_id": "MozillaThunderbird-translations-other-52.6-54.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Package Hub 12",
                "product": {
                  "name": "SUSE Package Hub 12",
                  "product_id": "SUSE Package Hub 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:packagehub:12"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-52.6-54.1.x86_64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-52.6-54.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-buildsymbols-52.6-54.1.x86_64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-devel-52.6-54.1.x86_64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-devel-52.6-54.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-common-52.6-54.1.x86_64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-translations-common-52.6-54.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-other-52.6-54.1.x86_64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-translations-other-52.6-54.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-5089",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-5089"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-5089",
          "url": "https://www.suse.com/security/cve/CVE-2018-5089"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1077291 for CVE-2018-5089",
          "url": "https://bugzilla.suse.com/1077291"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-01-27T21:50:06Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-5089"
    },
    {
      "cve": "CVE-2018-5095",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-5095"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-5095",
          "url": "https://www.suse.com/security/cve/CVE-2018-5095"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1077291 for CVE-2018-5095",
          "url": "https://bugzilla.suse.com/1077291"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-01-27T21:50:06Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-5095"
    },
    {
      "cve": "CVE-2018-5096",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-5096"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR \u003c 52.6 and Thunderbird \u003c 52.6.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-5096",
          "url": "https://www.suse.com/security/cve/CVE-2018-5096"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1077291 for CVE-2018-5096",
          "url": "https://bugzilla.suse.com/1077291"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-01-27T21:50:06Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-5096"
    },
    {
      "cve": "CVE-2018-5097",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-5097"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-5097",
          "url": "https://www.suse.com/security/cve/CVE-2018-5097"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1077291 for CVE-2018-5097",
          "url": "https://bugzilla.suse.com/1077291"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-01-27T21:50:06Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-5097"
    },
    {
      "cve": "CVE-2018-5098",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-5098"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-5098",
          "url": "https://www.suse.com/security/cve/CVE-2018-5098"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1077291 for CVE-2018-5098",
          "url": "https://bugzilla.suse.com/1077291"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-01-27T21:50:06Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-5098"
    },
    {
      "cve": "CVE-2018-5099",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-5099"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-5099",
          "url": "https://www.suse.com/security/cve/CVE-2018-5099"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1077291 for CVE-2018-5099",
          "url": "https://bugzilla.suse.com/1077291"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-01-27T21:50:06Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-5099"
    },
    {
      "cve": "CVE-2018-5102",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-5102"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-5102",
          "url": "https://www.suse.com/security/cve/CVE-2018-5102"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1077291 for CVE-2018-5102",
          "url": "https://bugzilla.suse.com/1077291"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-01-27T21:50:06Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-5102"
    },
    {
      "cve": "CVE-2018-5103",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-5103"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-5103",
          "url": "https://www.suse.com/security/cve/CVE-2018-5103"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1077291 for CVE-2018-5103",
          "url": "https://bugzilla.suse.com/1077291"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-01-27T21:50:06Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-5103"
    },
    {
      "cve": "CVE-2018-5104",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-5104"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-5104",
          "url": "https://www.suse.com/security/cve/CVE-2018-5104"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1077291 for CVE-2018-5104",
          "url": "https://bugzilla.suse.com/1077291"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-01-27T21:50:06Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-5104"
    },
    {
      "cve": "CVE-2018-5117",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-5117"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-5117",
          "url": "https://www.suse.com/security/cve/CVE-2018-5117"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1077291 for CVE-2018-5117",
          "url": "https://bugzilla.suse.com/1077291"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-01-27T21:50:06Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-5117"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-5104 (GCVE-0-2018-5104)

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature