Vulnerability-Lookup

BDU:2019-00508

Vulnerability from fstec - Published: 18.10.2018

Title

Уязвимость механизма записи потока мультимедиа веб-браузеров Firefox, Firefox ESR и программы для работы с электронной почтой Thunderbird, связанная с некорректной проверкой типа источника данных, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость механизма записи потока мультимедиа веб-браузеров Firefox, Firefox ESR и программы для работы с электронной почтой Thunderbird связана с приведением потоковых данных к некорректному типу. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании путем изменения типа источника мультимедиа во время записи

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

Canonical Ltd., Red Hat Inc., АО «ИВК», Сообщество свободного программного обеспечения, Novell Inc., ООО «РусБИТех-Астра», Mozilla Corp.

Software Name

Ubuntu, Red Hat Enterprise Linux, Альт Линукс СПТ (запись в едином реестре российских программ №9), Debian GNU/Linux, OpenSUSE Leap, Astra Linux Special Edition (запись в едином реестре российских программ №369), Firefox ESR, Thunderbird, SUSE Linux Enterprise, SUSE Enterprise Storage, SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise Software Development Kit, SUSE OpenStack Cloud, Suse Linux Enterprise Server, Альт 8 СП Сервер, Альт 8 СП Рабочая станция, SUSE Linux Enterprise Module for Desktop Applications, SUSE Linux Enterprise Point of Sale, SUSE Linux Enterprise Workstation Extension, SUSE Package Hub for SUSE Linux Enterprise, Firefox, Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156)

Software Version

14.04 LTS (Ubuntu), 6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 7.0 (Альт Линукс СПТ), 9 (Debian GNU/Linux), 42.3 (OpenSUSE Leap), 17.10 (Ubuntu), 18.04 LTS (Ubuntu), 1.6 «Смоленск» (Astra Linux Special Edition), до 52.9.0 (Firefox ESR), от 52.9.1 до 60.1.0 (Firefox ESR), до 60.0 (Thunderbird), 12 SP3 (SUSE Linux Enterprise), 12 SP4 (SUSE Linux Enterprise), 4 (SUSE Enterprise Storage), 12 SP2 (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-BCL (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-ESPOS (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-LTSS (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Software Development Kit), 12 SP4 (SUSE Linux Enterprise Software Development Kit), 7 (SUSE OpenStack Cloud), 12 SP3 (Suse Linux Enterprise Server), 12 SP4 (Suse Linux Enterprise Server), 11 SP4 (Suse Linux Enterprise Server), 11 SP4 (SUSE Linux Enterprise Software Development Kit), - (Альт 8 СП Сервер), - (Альт 8 СП Рабочая станция), 15.0 (OpenSUSE Leap), 15 (SUSE Linux Enterprise Module for Desktop Applications), 15 SP1 (SUSE Linux Enterprise Module for Desktop Applications), 12 SP2-BCL (Suse Linux Enterprise Server), 12 SP2-ESPOS (Suse Linux Enterprise Server), 11 SP3 (SUSE Linux Enterprise Point of Sale), 12-LTSS (Suse Linux Enterprise Server), 11 SP3-LTSS (SUSE Linux Enterprise Server for SAP Applications), 11 SP4 (SUSE Linux Enterprise Server for SAP Applications), 12 SP1 (SUSE Linux Enterprise Server for SAP Applications), 12 SP1-LTSS (SUSE Linux Enterprise Server for SAP Applications), 12-LTSS (SUSE Linux Enterprise Server for SAP Applications), 15 (SUSE Linux Enterprise Workstation Extension), 15 SP1 (SUSE Linux Enterprise Workstation Extension), 12 SP1-LTSS (Suse Linux Enterprise Server), 12 SP2-LTSS (Suse Linux Enterprise Server), 8 (Debian GNU/Linux), 11 SP3-LTSS (Suse Linux Enterprise Server), 12 (SUSE Package Hub for SUSE Linux Enterprise), 12 SP2-CLIEN (SUSE Linux Enterprise Point of Sale), до 61 (Firefox), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»)

Possible Mitigations

Для Firefox: Обновление программного обеспечения до 61.0 или более поздней версии Для Firefox ESR: Обновление программного обеспечения до 60.1.0 или более поздней версии Для Thunderbird: Обновление программного обеспечения до 60.0 или более поздней версии Для Astra Linux - обновление: пакета firefox до 61.0-1 или более поздней версии; пакета firefox-esr до 52.9.0esr-1~deb8u1 или более поздней версии; пакета thunderbird до 1:60.3.0-1~deb8u1 или более поздней версии Для Ubuntu: https://usn.ubuntu.com/3705-1/ Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2018-5156/ Для Debian GNU/Linux: https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html Для Альт Линукс СПТ: https://cve.basealt.ru/otchet-po-obnovleniiam-ot-24042019.html Для Альт 8 СП Сервер и Альт 8 СП Рабочая станция: http://altsp.su/obnovleniya-bezopasnosti/ Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/cve-2018-5156

Reference

https://cve.basealt.ru/otchet-po-obnovleniiam-ot-24042019.html https://www.mozilla.org/en-US/security/advisories/mfsa2018-19/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-16/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/ https://usn.ubuntu.com/3705-1/ https://www.suse.com/security/cve/CVE-2018-5156/ https://cve.basealt.ru/otchet-po-obnovleniiam-ot-24042019.html http://altsp.su/obnovleniya-bezopasnosti/ https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html https://www.debian.org/security/2018/dsa-4295 https://www.debian.org/security/2018/dsa-4235 https://access.redhat.com/security/cve/cve-2018-5156 https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81

CWE

CWE-20

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., Red Hat Inc., \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Novell Inc., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Mozilla Corp.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "14.04 LTS (Ubuntu), 6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 7.0 (\u0410\u043b\u044c\u0442 \u041b\u0438\u043d\u0443\u043a\u0441 \u0421\u041f\u0422), 9 (Debian GNU/Linux), 42.3 (OpenSUSE Leap), 17.10 (Ubuntu), 18.04 LTS (Ubuntu), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), \u0434\u043e 52.9.0 (Firefox ESR), \u043e\u0442 52.9.1 \u0434\u043e 60.1.0 (Firefox ESR), \u0434\u043e 60.0 (Thunderbird), 12 SP3 (SUSE Linux Enterprise), 12 SP4 (SUSE Linux Enterprise), 4 (SUSE Enterprise Storage), 12 SP2 (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-BCL (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-ESPOS (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-LTSS (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Software Development Kit), 12 SP4 (SUSE Linux Enterprise Software Development Kit), 7 (SUSE OpenStack Cloud), 12 SP3 (Suse Linux Enterprise Server), 12 SP4 (Suse Linux Enterprise Server), 11 SP4 (Suse Linux Enterprise Server), 11 SP4 (SUSE Linux Enterprise Software Development Kit), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f \u0421\u0435\u0440\u0432\u0435\u0440), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f \u0420\u0430\u0431\u043e\u0447\u0430\u044f \u0441\u0442\u0430\u043d\u0446\u0438\u044f), 15.0 (OpenSUSE Leap), 15 (SUSE Linux Enterprise Module for Desktop Applications), 15 SP1 (SUSE Linux Enterprise Module for Desktop Applications), 12 SP2-BCL (Suse Linux Enterprise Server), 12 SP2-ESPOS (Suse Linux Enterprise Server), 11 SP3 (SUSE Linux Enterprise Point of Sale), 12-LTSS (Suse Linux Enterprise Server), 11 SP3-LTSS (SUSE Linux Enterprise Server for SAP Applications), 11 SP4 (SUSE Linux Enterprise Server for SAP Applications), 12 SP1 (SUSE Linux Enterprise Server for SAP Applications), 12 SP1-LTSS (SUSE Linux Enterprise Server for SAP Applications), 12-LTSS (SUSE Linux Enterprise Server for SAP Applications), 15 (SUSE Linux Enterprise Workstation Extension), 15 SP1 (SUSE Linux Enterprise Workstation Extension), 12 SP1-LTSS (Suse Linux Enterprise Server), 12 SP2-LTSS (Suse Linux Enterprise Server), 8 (Debian GNU/Linux), 11 SP3-LTSS (Suse Linux Enterprise Server), 12 (SUSE Package Hub for SUSE Linux Enterprise), 12 SP2-CLIEN (SUSE Linux Enterprise Point of Sale), \u0434\u043e 61 (Firefox), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Firefox:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 61.0 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Firefox ESR:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 60.1.0 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Thunderbird:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 60.0 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Astra Linux - \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435:\n\u043f\u0430\u043a\u0435\u0442\u0430 firefox \u0434\u043e 61.0-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438; \n\u043f\u0430\u043a\u0435\u0442\u0430 firefox-esr \u0434\u043e 52.9.0esr-1~deb8u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438; \n\u043f\u0430\u043a\u0435\u0442\u0430 thunderbird \u0434\u043e 1:60.3.0-1~deb8u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Ubuntu:\nhttps://usn.ubuntu.com/3705-1/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2018-5156/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://lists.debian.org/debian-lts-announce/2018/06/msg00014.html\nhttps://lists.debian.org/debian-lts-announce/2018/11/msg00011.html\n\n\u0414\u043b\u044f \u0410\u043b\u044c\u0442 \u041b\u0438\u043d\u0443\u043a\u0441 \u0421\u041f\u0422:\nhttps://cve.basealt.ru/otchet-po-obnovleniiam-ot-24042019.html\n\n\u0414\u043b\u044f \u0410\u043b\u044c\u0442 8 \u0421\u041f \u0421\u0435\u0440\u0432\u0435\u0440 \u0438 \u0410\u043b\u044c\u0442 8 \u0421\u041f \u0420\u0430\u0431\u043e\u0447\u0430\u044f \u0441\u0442\u0430\u043d\u0446\u0438\u044f:\nhttp://altsp.su/obnovleniya-bezopasnosti/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2018-5156",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "18.10.2018",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "01.12.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "07.02.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-00508",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-5156",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Red Hat Enterprise Linux, \u0410\u043b\u044c\u0442 \u041b\u0438\u043d\u0443\u043a\u0441 \u0421\u041f\u0422 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21169), Debian GNU/Linux, OpenSUSE Leap, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Firefox ESR, Thunderbird, SUSE Linux Enterprise, SUSE Enterprise Storage, SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise Software Development Kit, SUSE OpenStack Cloud, Suse Linux Enterprise Server, \u0410\u043b\u044c\u0442 8 \u0421\u041f \u0421\u0435\u0440\u0432\u0435\u0440, \u0410\u043b\u044c\u0442 8 \u0421\u041f \u0420\u0430\u0431\u043e\u0447\u0430\u044f \u0441\u0442\u0430\u043d\u0446\u0438\u044f, SUSE Linux Enterprise Module for Desktop Applications, SUSE Linux Enterprise Point of Sale, SUSE Linux Enterprise Workstation Extension, SUSE Package Hub for SUSE Linux Enterprise, Firefox, Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 14.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 6 , Red Hat Inc. Red Hat Enterprise Linux 7 , Canonical Ltd. Ubuntu 16.04 LTS , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 \u041b\u0438\u043d\u0443\u043a\u0441 \u0421\u041f\u0422 7.0  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21169), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Novell Inc. OpenSUSE Leap 42.3 , Canonical Ltd. Ubuntu 17.10 , Canonical Ltd. Ubuntu 18.04 LTS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. SUSE Linux Enterprise 12 SP3 , Novell Inc. SUSE Linux Enterprise 12 SP4 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2-BCL , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2-ESPOS , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2-LTSS , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3 , Novell Inc. Suse Linux Enterprise Server 12 SP3 , Novell Inc. Suse Linux Enterprise Server 12 SP4 , Novell Inc. Suse Linux Enterprise Server 11 SP4 , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f \u0421\u0435\u0440\u0432\u0435\u0440 - , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f \u0420\u0430\u0431\u043e\u0447\u0430\u044f \u0441\u0442\u0430\u043d\u0446\u0438\u044f - , Novell Inc. OpenSUSE Leap 15.0 , Novell Inc. Suse Linux Enterprise Server 12 SP2-BCL , Novell Inc. Suse Linux Enterprise Server 12 SP2-ESPOS , Novell Inc. Suse Linux Enterprise Server 12-LTSS , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 11 SP3-LTSS , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 11 SP4 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP1 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP1-LTSS , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12-LTSS , Novell Inc. Suse Linux Enterprise Server 12 SP1-LTSS , Novell Inc. Suse Linux Enterprise Server 12 SP2-LTSS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , Novell Inc. Suse Linux Enterprise Server 11 SP3-LTSS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0437\u0430\u043f\u0438\u0441\u0438 \u043f\u043e\u0442\u043e\u043a\u0430 \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0430 \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Firefox, Firefox ESR \u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u043e\u0439 Thunderbird, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0442\u0438\u043f\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0430 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0437\u0430\u043f\u0438\u0441\u0438 \u043f\u043e\u0442\u043e\u043a\u0430 \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0430 \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Firefox, Firefox ESR \u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u043e\u0439 Thunderbird \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0440\u0438\u0432\u0435\u0434\u0435\u043d\u0438\u0435\u043c \u043f\u043e\u0442\u043e\u043a\u043e\u0432\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u043a \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u043c\u0443 \u0442\u0438\u043f\u0443. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u043f\u0443\u0442\u0435\u043c \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0442\u0438\u043f\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0430 \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0430 \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u0437\u0430\u043f\u0438\u0441\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://cve.basealt.ru/otchet-po-obnovleniiam-ot-24042019.html\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-19/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-16/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-17/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-15/\nhttps://usn.ubuntu.com/3705-1/\nhttps://www.suse.com/security/cve/CVE-2018-5156/\nhttps://cve.basealt.ru/otchet-po-obnovleniiam-ot-24042019.html\nhttp://altsp.su/obnovleniya-bezopasnosti/\nhttps://lists.debian.org/debian-lts-announce/2018/06/msg00014.html\nhttps://lists.debian.org/debian-lts-announce/2018/11/msg00011.html\nhttps://www.debian.org/security/2018/dsa-4295\nhttps://www.debian.org/security/2018/dsa-4235\nhttps://access.redhat.com/security/cve/cve-2018-5156\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

CVE-2018-5156 (GCVE-0-2018-5156)

Vulnerability from cvelistv5 – Published: 2018-10-18 13:00 – Updated: 2024-08-05 05:26

Summary

A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

Severity ?

No CVSS data available.

CWE

Media recorder segmentation fault when track type is changed during capture

Assigner

mozilla

References

URL

Tags

	https://security.gentoo.org/glsa/201810-01	vendor-advisoryx_refsource_GENTOO
	https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:2112	vendor-advisoryx_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
	https://security.gentoo.org/glsa/201811-13	vendor-advisoryx_refsource_GENTOO
	https://bugzilla.mozilla.org/show_bug.cgi?id=1453127	x_refsource_CONFIRM
	https://www.debian.org/security/2018/dsa-4235	vendor-advisoryx_refsource_DEBIAN
	https://www.debian.org/security/2018/dsa-4295	vendor-advisoryx_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2018:2113	vendor-advisoryx_refsource_REDHAT
	https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/104560	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1041193	vdb-entryx_refsource_SECTRACK
	https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_CONFIRM
	https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_CONFIRM
	https://usn.ubuntu.com/3705-1/	vendor-advisoryx_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST

Impacted products

Vendor

Product

Version

Mozilla

Thunderbird

Affected: unspecified , < 60 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 60.1 (custom) Affected: unspecified , < 52.9 (custom)
	Mozilla	Firefox	Affected: unspecified , < 61 (custom)

Date Public ?

2018-06-26 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:26:46.986Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201810-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201810-01"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-15/"
          },
          {
            "name": "RHSA-2018:2112",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2112"
          },
          {
            "name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html"
          },
          {
            "name": "GLSA-201811-13",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201811-13"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1453127"
          },
          {
            "name": "DSA-4235",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4235"
          },
          {
            "name": "DSA-4295",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4295"
          },
          {
            "name": "RHSA-2018:2113",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2113"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-16/"
          },
          {
            "name": "104560",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104560"
          },
          {
            "name": "1041193",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041193"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-19/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-17/"
          },
          {
            "name": "USN-3705-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3705-1/"
          },
          {
            "name": "[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "60",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "60.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "52.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "61",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-06-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Media recorder segmentation fault when track type is changed during capture",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-25T10:57:01.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "GLSA-201810-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201810-01"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2018-15/"
        },
        {
          "name": "RHSA-2018:2112",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2112"
        },
        {
          "name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html"
        },
        {
          "name": "GLSA-201811-13",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201811-13"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1453127"
        },
        {
          "name": "DSA-4235",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4235"
        },
        {
          "name": "DSA-4295",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4295"
        },
        {
          "name": "RHSA-2018:2113",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2113"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2018-16/"
        },
        {
          "name": "104560",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104560"
        },
        {
          "name": "1041193",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041193"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2018-19/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2018-17/"
        },
        {
          "name": "USN-3705-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3705-1/"
        },
        {
          "name": "[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2018-5156",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "60"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "60.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "52.9"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "61"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Media recorder segmentation fault when track type is changed during capture"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201810-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201810-01"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2018-15/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2018-15/"
            },
            {
              "name": "RHSA-2018:2112",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2112"
            },
            {
              "name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html"
            },
            {
              "name": "GLSA-201811-13",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201811-13"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1453127",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1453127"
            },
            {
              "name": "DSA-4235",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4235"
            },
            {
              "name": "DSA-4295",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4295"
            },
            {
              "name": "RHSA-2018:2113",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2113"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2018-16/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2018-16/"
            },
            {
              "name": "104560",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104560"
            },
            {
              "name": "1041193",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041193"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2018-19/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2018-19/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2018-17/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2018-17/"
            },
            {
              "name": "USN-3705-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3705-1/"
            },
            {
              "name": "[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2018-5156",
    "datePublished": "2018-10-18T13:00:00.000Z",
    "dateReserved": "2018-01-03T00:00:00.000Z",
    "dateUpdated": "2024-08-05T05:26:46.986Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2019-00508

CVE-2018-5156 (GCVE-0-2018-5156)

Tags

Sightings

Nomenclature