Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-5097 (GCVE-0-2018-5097)
Vulnerability from cvelistv5 – Published: 2018-06-11 21:00 – Updated: 2024-08-05 05:26
VLAI?
EPSS
Summary
A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
Severity ?
No CVSS data available.
CWE
- Use-after-free when source document is manipulated during XSLT
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1040270 | vdb-entryx_refsource_SECTRACK |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/102783 | vdb-entryx_refsource_BID |
| https://www.debian.org/security/2018/dsa-4096 | vendor-advisoryx_refsource_DEBIAN |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1387427 | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2018:0262 | vendor-advisoryx_refsource_REDHAT |
| https://usn.ubuntu.com/3544-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2018:0122 | vendor-advisoryx_refsource_REDHAT |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| https://www.debian.org/security/2018/dsa-4102 | vendor-advisoryx_refsource_DEBIAN |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Thunderbird |
Affected:
unspecified , < 52.6
(custom)
|
|
| Mozilla | Firefox ESR |
Affected:
unspecified , < 52.6
(custom)
|
|
| Mozilla | Firefox |
Affected:
unspecified , < 58
(custom)
|
Date Public ?
2018-01-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:26:46.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-03/"
},
{
"name": "1040270",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040270"
},
{
"name": "[debian-lts-announce] 20180129 [SECURITY] [DLA 1262-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html"
},
{
"name": "102783",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102783"
},
{
"name": "DSA-4096",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4096"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1387427"
},
{
"name": "RHSA-2018:0262",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0262"
},
{
"name": "USN-3544-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3544-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-04/"
},
{
"name": "RHSA-2018:0122",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0122"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-02/"
},
{
"name": "[debian-lts-announce] 20180124 [SECURITY] [DLA 1256-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html"
},
{
"name": "DSA-4102",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4102"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "52.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "52.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "58",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-01-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-after-free when source document is manipulated during XSLT",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T09:57:01.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-03/"
},
{
"name": "1040270",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040270"
},
{
"name": "[debian-lts-announce] 20180129 [SECURITY] [DLA 1262-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html"
},
{
"name": "102783",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102783"
},
{
"name": "DSA-4096",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4096"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1387427"
},
{
"name": "RHSA-2018:0262",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0262"
},
{
"name": "USN-3544-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3544-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-04/"
},
{
"name": "RHSA-2018:0122",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0122"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-02/"
},
{
"name": "[debian-lts-announce] 20180124 [SECURITY] [DLA 1256-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html"
},
{
"name": "DSA-4102",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4102"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "52.6"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "52.6"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "58"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free when source document is manipulated during XSLT"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-03/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-03/"
},
{
"name": "1040270",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040270"
},
{
"name": "[debian-lts-announce] 20180129 [SECURITY] [DLA 1262-1] thunderbird security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html"
},
{
"name": "102783",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102783"
},
{
"name": "DSA-4096",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4096"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1387427",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1387427"
},
{
"name": "RHSA-2018:0262",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0262"
},
{
"name": "USN-3544-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3544-1/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-04/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-04/"
},
{
"name": "RHSA-2018:0122",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0122"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-02/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-02/"
},
{
"name": "[debian-lts-announce] 20180124 [SECURITY] [DLA 1256-1] firefox-esr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html"
},
{
"name": "DSA-4102",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4102"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2018-5097",
"datePublished": "2018-06-11T21:00:00.000Z",
"dateReserved": "2018-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:26:46.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-5097",
"date": "2026-05-19",
"epss": "0.24112",
"percentile": "0.96141"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16F59A04-14CF-49E2-9973-645477EA09DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33C068A4-3780-4EAB-A937-6082DF847564\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BBCD86A-E6C7-4444-9D74-F861084090F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51EF4996-72F4-4FA4-814F-F5991E7A8318\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D99A687E-EAE6-417E-A88E-D0082BC194CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"58.0\", \"matchCriteriaId\": \"FF7F3816-EA18-400D-BA82-94F233EF1082\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"52.6.0\", \"matchCriteriaId\": \"DFBC18A1-B9C1-4C7B-AFAB-4480F290DBD9\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"52.6.0\", \"matchCriteriaId\": \"59FA92DA-EBD7-4C6E-9E5D-1F3F08BAF25D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"B5A6F2F3-4894-4392-8296-3B8DD2679084\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9070C9D8-A14A-467F-8253-33B966C16886\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.\"}, {\"lang\": \"es\", \"value\": \"Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada durante las transformaciones XSL cuando el documento de origen para la transformaci\\u00f3n se manipula con scripts durante la transformaci\\u00f3n. Esto resulta en un cierre inesperado explotable. Esta vulnerabilidad afecta a las versiones anteriores a la 52.6 de Thunderbird, las versiones anteriores a la 52.6 de Firefox ESR y las versiones anteriores a la 58 de Firefox.\"}]",
"id": "CVE-2018-5097",
"lastModified": "2024-11-21T04:08:05.720",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2018-06-11T21:29:12.577",
"references": "[{\"url\": \"http://www.securityfocus.com/bid/102783\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1040270\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0122\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0262\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1387427\", \"source\": \"security@mozilla.org\", \"tags\": [\"Issue Tracking\", \"Permissions Required\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3544-1/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4096\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4102\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-02/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-03/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-04/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/102783\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1040270\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0122\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0262\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1387427\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Permissions Required\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3544-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4096\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4102\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-02/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-03/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-04/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-5097\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2018-06-11T21:29:12.577\",\"lastModified\":\"2025-11-25T17:50:16.803\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.\"},{\"lang\":\"es\",\"value\":\"Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada durante las transformaciones XSL cuando el documento de origen para la transformaci\u00f3n se manipula con scripts durante la transformaci\u00f3n. Esto resulta en un cierre inesperado explotable. Esta vulnerabilidad afecta a las versiones anteriores a la 52.6 de Thunderbird, las versiones anteriores a la 52.6 de Firefox ESR y las versiones anteriores a la 58 de Firefox.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D99A687E-EAE6-417E-A88E-D0082BC194CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"58.0\",\"matchCriteriaId\":\"FF7F3816-EA18-400D-BA82-94F233EF1082\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"52.6.0\",\"matchCriteriaId\":\"0EFA7D9A-6497-4FF8-9A18-4EBCAAB755D5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"52.6.0\",\"matchCriteriaId\":\"59FA92DA-EBD7-4C6E-9E5D-1F3F08BAF25D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9070C9D8-A14A-467F-8253-33B966C16886\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/102783\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040270\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0122\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0262\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1387427\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3544-1/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4096\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4102\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-02/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-03/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-04/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/102783\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040270\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0122\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0262\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1387427\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3544-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4096\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4102\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-02/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-03/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-04/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2018-AVI-052
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Mozilla Firefox. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox versions ant\u00e9rieures \u00e0 58",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 52.6",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-5096",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5096"
},
{
"name": "CVE-2018-5092",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5092"
},
{
"name": "CVE-2018-5118",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5118"
},
{
"name": "CVE-2018-5105",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5105"
},
{
"name": "CVE-2018-5109",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5109"
},
{
"name": "CVE-2018-5112",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5112"
},
{
"name": "CVE-2018-5097",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5097"
},
{
"name": "CVE-2018-5103",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5103"
},
{
"name": "CVE-2018-5101",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5101"
},
{
"name": "CVE-2018-5121",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5121"
},
{
"name": "CVE-2018-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5115"
},
{
"name": "CVE-2018-5107",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5107"
},
{
"name": "CVE-2018-5110",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5110"
},
{
"name": "CVE-2018-5093",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5093"
},
{
"name": "CVE-2018-5089",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5089"
},
{
"name": "CVE-2018-5104",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5104"
},
{
"name": "CVE-2018-5117",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5117"
},
{
"name": "CVE-2018-5122",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5122"
},
{
"name": "CVE-2018-5116",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5116"
},
{
"name": "CVE-2018-5090",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5090"
},
{
"name": "CVE-2018-5100",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5100"
},
{
"name": "CVE-2018-5119",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5119"
},
{
"name": "CVE-2018-5108",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5108"
},
{
"name": "CVE-2018-5098",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5098"
},
{
"name": "CVE-2018-5095",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5095"
},
{
"name": "CVE-2018-5094",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5094"
},
{
"name": "CVE-2018-5111",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5111"
},
{
"name": "CVE-2018-5106",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5106"
},
{
"name": "CVE-2018-5102",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5102"
},
{
"name": "CVE-2018-5113",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5113"
},
{
"name": "CVE-2018-5114",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5114"
},
{
"name": "CVE-2018-5099",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5099"
},
{
"name": "CVE-2018-5091",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5091"
}
],
"links": [],
"reference": "CERTFR-2018-AVI-052",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-01-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-03 du 23 janvier 2018",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-02 du 23 janvier 2018",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/"
}
]
}
CERTFR-2018-AVI-058
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-5096",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5096"
},
{
"name": "CVE-2018-5097",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5097"
},
{
"name": "CVE-2018-5103",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5103"
},
{
"name": "CVE-2018-5089",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5089"
},
{
"name": "CVE-2018-5104",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5104"
},
{
"name": "CVE-2018-5117",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5117"
},
{
"name": "CVE-2018-5098",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5098"
},
{
"name": "CVE-2018-5095",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5095"
},
{
"name": "CVE-2018-5102",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5102"
},
{
"name": "CVE-2018-5099",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5099"
}
],
"links": [],
"reference": "CERTFR-2018-AVI-058",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-01-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-04 du 25 janvier 2018",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/"
}
]
}
CERTFR-2018-AVI-052
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Mozilla Firefox. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox versions ant\u00e9rieures \u00e0 58",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 52.6",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-5096",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5096"
},
{
"name": "CVE-2018-5092",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5092"
},
{
"name": "CVE-2018-5118",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5118"
},
{
"name": "CVE-2018-5105",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5105"
},
{
"name": "CVE-2018-5109",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5109"
},
{
"name": "CVE-2018-5112",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5112"
},
{
"name": "CVE-2018-5097",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5097"
},
{
"name": "CVE-2018-5103",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5103"
},
{
"name": "CVE-2018-5101",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5101"
},
{
"name": "CVE-2018-5121",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5121"
},
{
"name": "CVE-2018-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5115"
},
{
"name": "CVE-2018-5107",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5107"
},
{
"name": "CVE-2018-5110",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5110"
},
{
"name": "CVE-2018-5093",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5093"
},
{
"name": "CVE-2018-5089",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5089"
},
{
"name": "CVE-2018-5104",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5104"
},
{
"name": "CVE-2018-5117",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5117"
},
{
"name": "CVE-2018-5122",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5122"
},
{
"name": "CVE-2018-5116",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5116"
},
{
"name": "CVE-2018-5090",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5090"
},
{
"name": "CVE-2018-5100",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5100"
},
{
"name": "CVE-2018-5119",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5119"
},
{
"name": "CVE-2018-5108",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5108"
},
{
"name": "CVE-2018-5098",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5098"
},
{
"name": "CVE-2018-5095",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5095"
},
{
"name": "CVE-2018-5094",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5094"
},
{
"name": "CVE-2018-5111",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5111"
},
{
"name": "CVE-2018-5106",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5106"
},
{
"name": "CVE-2018-5102",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5102"
},
{
"name": "CVE-2018-5113",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5113"
},
{
"name": "CVE-2018-5114",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5114"
},
{
"name": "CVE-2018-5099",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5099"
},
{
"name": "CVE-2018-5091",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5091"
}
],
"links": [],
"reference": "CERTFR-2018-AVI-052",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-01-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-03 du 23 janvier 2018",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-02 du 23 janvier 2018",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/"
}
]
}
CERTFR-2018-AVI-058
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-5096",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5096"
},
{
"name": "CVE-2018-5097",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5097"
},
{
"name": "CVE-2018-5103",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5103"
},
{
"name": "CVE-2018-5089",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5089"
},
{
"name": "CVE-2018-5104",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5104"
},
{
"name": "CVE-2018-5117",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5117"
},
{
"name": "CVE-2018-5098",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5098"
},
{
"name": "CVE-2018-5095",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5095"
},
{
"name": "CVE-2018-5102",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5102"
},
{
"name": "CVE-2018-5099",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5099"
}
],
"links": [],
"reference": "CERTFR-2018-AVI-058",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-01-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-04 du 25 janvier 2018",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/"
}
]
}
CNVD-2018-02639
Vulnerability from cnvd - Published: 2018-02-02
VLAI Severity ?
Title
Mozilla Firefox和Firefox ESR内存错误引用漏洞(CNVD-2018-02639)
Description
Mozilla Firefox和Firefox ESR都是美国Mozilla基金会开发的浏览器产品。Firefox是一款开源Web浏览器;Firefox ESR是Firefox的一个延长支持版本。
Mozilla Firefox 58之前版本和Firefox ESR 52.6之前版本中存在内存错误引用。远程攻击者可利用该漏洞造成拒绝服务(崩溃)。
Severity
中
Patch Name
Mozilla Firefox和Firefox ESR内存错误引用漏洞(CNVD-2018-02639)的补丁
Patch Description
Mozilla Firefox和Firefox ESR都是美国Mozilla基金会开发的浏览器产品。Firefox是一款开源Web浏览器;Firefox ESR是Firefox的一个延长支持版本。
Mozilla Firefox 58之前版本和Firefox ESR 52.6之前版本中存在内存错误引用漏洞。远程攻击者可利用该漏洞造成拒绝服务(崩溃)。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/
Reference
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/
http://www.securityfocus.com/bid/102783
Impacted products
| Name | ['Mozilla Firefox <58', 'Mozilla Firefox ESR <52.6'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-5097"
}
},
"description": "Mozilla Firefox\u548cFirefox ESR\u90fd\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u5f00\u53d1\u7684\u6d4f\u89c8\u5668\u4ea7\u54c1\u3002Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\uff1bFirefox ESR\u662fFirefox\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002\r\n\r\nMozilla Firefox 58\u4e4b\u524d\u7248\u672c\u548cFirefox ESR 52.6\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5d29\u6e83\uff09\u3002",
"discovererName": "Nils",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-02/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-02639",
"openTime": "2018-02-02",
"patchDescription": "Mozilla Firefox\u548cFirefox ESR\u90fd\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u5f00\u53d1\u7684\u6d4f\u89c8\u5668\u4ea7\u54c1\u3002Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\uff1bFirefox ESR\u662fFirefox\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002\r\n\r\nMozilla Firefox 58\u4e4b\u524d\u7248\u672c\u548cFirefox ESR 52.6\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5d29\u6e83\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Mozilla Firefox\u548cFirefox ESR\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\uff08CNVD-2018-02639\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Mozilla Firefox \u003c58",
"Mozilla Firefox ESR \u003c52.6"
]
},
"referenceLink": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/\r\nhttp://www.securityfocus.com/bid/102783",
"serverity": "\u4e2d",
"submitTime": "2018-01-25",
"title": "Mozilla Firefox\u548cFirefox ESR\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\uff08CNVD-2018-02639\uff09"
}
FKIE_CVE-2018-5097
Vulnerability from fkie_nvd - Published: 2018-06-11 21:29 - Updated: 2025-11-25 17:50
Severity ?
Summary
A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| redhat | enterprise_linux_desktop | 6.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_server | 6.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_server_aus | 7.4 | |
| redhat | enterprise_linux_server_eus | 7.4 | |
| redhat | enterprise_linux_server_eus | 7.5 | |
| redhat | enterprise_linux_workstation | 6.0 | |
| redhat | enterprise_linux_workstation | 7.0 | |
| mozilla | firefox | * | |
| mozilla | firefox | * | |
| mozilla | thunderbird | * | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 17.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF7F3816-EA18-400D-BA82-94F233EF1082",
"versionEndExcluding": "58.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EFA7D9A-6497-4FF8-9A18-4EBCAAB755D5",
"versionEndExcluding": "52.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59FA92DA-EBD7-4C6E-9E5D-1F3F08BAF25D",
"versionEndExcluding": "52.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58."
},
{
"lang": "es",
"value": "Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada durante las transformaciones XSL cuando el documento de origen para la transformaci\u00f3n se manipula con scripts durante la transformaci\u00f3n. Esto resulta en un cierre inesperado explotable. Esta vulnerabilidad afecta a las versiones anteriores a la 52.6 de Thunderbird, las versiones anteriores a la 52.6 de Firefox ESR y las versiones anteriores a la 58 de Firefox."
}
],
"id": "CVE-2018-5097",
"lastModified": "2025-11-25T17:50:16.803",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-11T21:29:12.577",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102783"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040270"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0122"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0262"
},
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required",
"Third Party Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1387427"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3544-1/"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4096"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4102"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-02/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-03/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-04/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040270"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Permissions Required",
"Third Party Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1387427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3544-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4102"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-02/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-03/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-04/"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-W9Q9-VCXP-7JMC
Vulnerability from github – Published: 2022-05-14 03:10 – Updated: 2025-11-25 18:32
VLAI?
Details
A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
Severity ?
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2018-5097"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-11T21:29:00Z",
"severity": "CRITICAL"
},
"details": "A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"id": "GHSA-w9q9-vcxp-7jmc",
"modified": "2025-11-25T18:32:11Z",
"published": "2022-05-14T03:10:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5097"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:0122"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:0262"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1387427"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3544-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4096"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4102"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-02"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-03"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-04"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/102783"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040270"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2018-5097
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-5097",
"description": "A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"id": "GSD-2018-5097",
"references": [
"https://www.suse.com/security/cve/CVE-2018-5097.html",
"https://www.debian.org/security/2018/dsa-4102",
"https://www.debian.org/security/2018/dsa-4096",
"https://access.redhat.com/errata/RHSA-2018:0262",
"https://access.redhat.com/errata/RHSA-2018:0122",
"https://ubuntu.com/security/CVE-2018-5097",
"https://advisories.mageia.org/CVE-2018-5097.html",
"https://linux.oracle.com/cve/CVE-2018-5097.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-5097"
],
"details": "A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"id": "GSD-2018-5097",
"modified": "2023-12-13T01:22:40.579547Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "52.6"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "52.6"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "58"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free when source document is manipulated during XSLT"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-03/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-03/"
},
{
"name": "1040270",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040270"
},
{
"name": "[debian-lts-announce] 20180129 [SECURITY] [DLA 1262-1] thunderbird security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html"
},
{
"name": "102783",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102783"
},
{
"name": "DSA-4096",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4096"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1387427",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1387427"
},
{
"name": "RHSA-2018:0262",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0262"
},
{
"name": "USN-3544-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3544-1/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-04/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-04/"
},
{
"name": "RHSA-2018:0122",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0122"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-02/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-02/"
},
{
"name": "[debian-lts-announce] 20180124 [SECURITY] [DLA 1256-1] firefox-esr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html"
},
{
"name": "DSA-4102",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4102"
}
]
}
},
"mozilla.org": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5097"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "52.6"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "58"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "52.6"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox \u003c 58, and Firefox ESR \u003c 52.6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free when source document is manipulated during XSLT"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2018-02/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2018-03/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2018-04/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1387427"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "58.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "52.6.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "52.6.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5097"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-04/",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-04/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-03/",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-03/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-02/",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-02/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1387427",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Permissions Required",
"Third Party Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1387427"
},
{
"name": "DSA-4102",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4102"
},
{
"name": "DSA-4096",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4096"
},
{
"name": "USN-3544-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3544-1/"
},
{
"name": "[debian-lts-announce] 20180129 [SECURITY] [DLA 1262-1] thunderbird security update",
"refsource": "MLIST",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html"
},
{
"name": "[debian-lts-announce] 20180124 [SECURITY] [DLA 1256-1] firefox-esr security update",
"refsource": "MLIST",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html"
},
{
"name": "RHSA-2018:0262",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0262"
},
{
"name": "RHSA-2018:0122",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0122"
},
{
"name": "1040270",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040270"
},
{
"name": "102783",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102783"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2018-08-03T16:55Z",
"publishedDate": "2018-06-11T21:29Z"
}
}
}
OPENSUSE-SU-2018:0256-1
Vulnerability from csaf_opensuse - Published: 2018-01-27 21:50 - Updated: 2018-01-27 21:50Summary
Security update for MozillaThunderbird
Severity
Important
Notes
Title of the patch: Security update for MozillaThunderbird
Description of the patch: This update for MozillaThunderbird to version 52.6 fixes several issues.
These security issues were fixed:
- CVE-2018-5095: Integer overflow in Skia library during edge builder
allocation (bsc#1077291).
- CVE-2018-5096: Use-after-free while editing form elements (bsc#1077291).
- CVE-2018-5097: Use-after-free when source document is manipulated during XSLT
(bsc#1077291).
- CVE-2018-5098: Use-after-free while manipulating form input elements
(bsc#1077291).
- CVE-2018-5099: Use-after-free with widget listener (bsc#1077291).
- CVE-2018-5102: Use-after-free in HTML media elements (bsc#1077291).
- CVE-2018-5103: Use-after-free during mouse event handling (bsc#1077291).
- CVE-2018-5104: Use-after-free during font face manipulation (bsc#1077291).
- CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right
(bsc#1077291).
- CVE-2018-5089: Various memory safety bugs (bsc#1077291).
These security issues were fixed:
- Searching message bodies of messages in local folders, including
filter and quick filter operations, not working reliably: Content
not found in base64-encode message parts, non-ASCII text not found
and false positives found.
- Defective messages (without at least one expected header) not shown
in IMAP folders but shown on mobile devices
- Calendar: Unintended task deletion if numlock is enabled
Patchnames: openSUSE-2018-101
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
35 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaThunderbird",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaThunderbird to version 52.6 fixes several issues.\n\nThese security issues were fixed:\n\n- CVE-2018-5095: Integer overflow in Skia library during edge builder\n allocation (bsc#1077291).\n- CVE-2018-5096: Use-after-free while editing form elements (bsc#1077291).\n- CVE-2018-5097: Use-after-free when source document is manipulated during XSLT\n (bsc#1077291).\n- CVE-2018-5098: Use-after-free while manipulating form input elements\n (bsc#1077291).\n- CVE-2018-5099: Use-after-free with widget listener (bsc#1077291).\n- CVE-2018-5102: Use-after-free in HTML media elements (bsc#1077291).\n- CVE-2018-5103: Use-after-free during mouse event handling (bsc#1077291).\n- CVE-2018-5104: Use-after-free during font face manipulation (bsc#1077291).\n- CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right\n (bsc#1077291).\n- CVE-2018-5089: Various memory safety bugs (bsc#1077291).\n\nThese security issues were fixed:\n\n- Searching message bodies of messages in local folders, including\n filter and quick filter operations, not working reliably: Content\n not found in base64-encode message parts, non-ASCII text not found\n and false positives found.\n- Defective messages (without at least one expected header) not shown\n in IMAP folders but shown on mobile devices\n- Calendar: Unintended task deletion if numlock is enabled\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2018-101",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2018_0256-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2018:0256-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BDMR3YENC7V5BUBRGJXWANWHWNBW46OF/#BDMR3YENC7V5BUBRGJXWANWHWNBW46OF"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2018:0256-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BDMR3YENC7V5BUBRGJXWANWHWNBW46OF/#BDMR3YENC7V5BUBRGJXWANWHWNBW46OF"
},
{
"category": "self",
"summary": "SUSE Bug 1077291",
"url": "https://bugzilla.suse.com/1077291"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5089 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5095 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5096 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5097 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5098 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5099 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5102 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5103 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5103/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5104 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5104/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5117 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5117/"
}
],
"title": "Security update for MozillaThunderbird",
"tracking": {
"current_release_date": "2018-01-27T21:50:06Z",
"generator": {
"date": "2018-01-27T21:50:06Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2018:0256-1",
"initial_release_date": "2018-01-27T21:50:06Z",
"revision_history": [
{
"date": "2018-01-27T21:50:06Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-52.6-54.1.x86_64",
"product": {
"name": "MozillaThunderbird-52.6-54.1.x86_64",
"product_id": "MozillaThunderbird-52.6-54.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"product": {
"name": "MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"product_id": "MozillaThunderbird-buildsymbols-52.6-54.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-devel-52.6-54.1.x86_64",
"product": {
"name": "MozillaThunderbird-devel-52.6-54.1.x86_64",
"product_id": "MozillaThunderbird-devel-52.6-54.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"product_id": "MozillaThunderbird-translations-common-52.6-54.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-52.6-54.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-other-52.6-54.1.x86_64",
"product_id": "MozillaThunderbird-translations-other-52.6-54.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12",
"product": {
"name": "SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-52.6-54.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64"
},
"product_reference": "MozillaThunderbird-52.6-54.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-buildsymbols-52.6-54.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64"
},
"product_reference": "MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-devel-52.6-54.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64"
},
"product_reference": "MozillaThunderbird-devel-52.6-54.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-52.6-54.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-52.6-54.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-other-52.6-54.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-5089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5089"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5089",
"url": "https://www.suse.com/security/cve/CVE-2018-5089"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5089",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-27T21:50:06Z",
"details": "important"
}
],
"title": "CVE-2018-5089"
},
{
"cve": "CVE-2018-5095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5095"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5095",
"url": "https://www.suse.com/security/cve/CVE-2018-5095"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5095",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-27T21:50:06Z",
"details": "important"
}
],
"title": "CVE-2018-5095"
},
{
"cve": "CVE-2018-5096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5096"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR \u003c 52.6 and Thunderbird \u003c 52.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5096",
"url": "https://www.suse.com/security/cve/CVE-2018-5096"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5096",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-27T21:50:06Z",
"details": "important"
}
],
"title": "CVE-2018-5096"
},
{
"cve": "CVE-2018-5097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5097"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5097",
"url": "https://www.suse.com/security/cve/CVE-2018-5097"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5097",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-27T21:50:06Z",
"details": "important"
}
],
"title": "CVE-2018-5097"
},
{
"cve": "CVE-2018-5098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5098"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5098",
"url": "https://www.suse.com/security/cve/CVE-2018-5098"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5098",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-27T21:50:06Z",
"details": "important"
}
],
"title": "CVE-2018-5098"
},
{
"cve": "CVE-2018-5099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5099"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5099",
"url": "https://www.suse.com/security/cve/CVE-2018-5099"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5099",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-27T21:50:06Z",
"details": "important"
}
],
"title": "CVE-2018-5099"
},
{
"cve": "CVE-2018-5102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5102"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5102",
"url": "https://www.suse.com/security/cve/CVE-2018-5102"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5102",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-27T21:50:06Z",
"details": "important"
}
],
"title": "CVE-2018-5102"
},
{
"cve": "CVE-2018-5103",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5103"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5103",
"url": "https://www.suse.com/security/cve/CVE-2018-5103"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5103",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-27T21:50:06Z",
"details": "important"
}
],
"title": "CVE-2018-5103"
},
{
"cve": "CVE-2018-5104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5104"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5104",
"url": "https://www.suse.com/security/cve/CVE-2018-5104"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5104",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-27T21:50:06Z",
"details": "important"
}
],
"title": "CVE-2018-5104"
},
{
"cve": "CVE-2018-5117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5117"
}
],
"notes": [
{
"category": "general",
"text": "If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5117",
"url": "https://www.suse.com/security/cve/CVE-2018-5117"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5117",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-27T21:50:06Z",
"details": "moderate"
}
],
"title": "CVE-2018-5117"
}
]
}
OPENSUSE-SU-2018:0257-1
Vulnerability from csaf_opensuse - Published: 2018-01-27 21:50 - Updated: 2018-01-27 21:50Summary
Security update for MozillaThunderbird
Severity
Important
Notes
Title of the patch: Security update for MozillaThunderbird
Description of the patch: This update for MozillaThunderbird to version 52.6 fixes several issues.
These security issues were fixed:
- CVE-2018-5095: Integer overflow in Skia library during edge builder
allocation (bsc#1077291).
- CVE-2018-5096: Use-after-free while editing form elements (bsc#1077291).
- CVE-2018-5097: Use-after-free when source document is manipulated during XSLT
(bsc#1077291).
- CVE-2018-5098: Use-after-free while manipulating form input elements
(bsc#1077291).
- CVE-2018-5099: Use-after-free with widget listener (bsc#1077291).
- CVE-2018-5102: Use-after-free in HTML media elements (bsc#1077291).
- CVE-2018-5103: Use-after-free during mouse event handling (bsc#1077291).
- CVE-2018-5104: Use-after-free during font face manipulation (bsc#1077291).
- CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right
(bsc#1077291).
- CVE-2018-5089: Various memory safety bugs (bsc#1077291).
These security issues were fixed:
- Searching message bodies of messages in local folders, including
filter and quick filter operations, not working reliably: Content
not found in base64-encode message parts, non-ASCII text not found
and false positives found.
- Defective messages (without at least one expected header) not shown
in IMAP folders but shown on mobile devices
- Calendar: Unintended task deletion if numlock is enabled
Patchnames: openSUSE-2018-101
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
35 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaThunderbird",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaThunderbird to version 52.6 fixes several issues.\n\nThese security issues were fixed:\n\n- CVE-2018-5095: Integer overflow in Skia library during edge builder\n allocation (bsc#1077291).\n- CVE-2018-5096: Use-after-free while editing form elements (bsc#1077291).\n- CVE-2018-5097: Use-after-free when source document is manipulated during XSLT\n (bsc#1077291).\n- CVE-2018-5098: Use-after-free while manipulating form input elements\n (bsc#1077291).\n- CVE-2018-5099: Use-after-free with widget listener (bsc#1077291).\n- CVE-2018-5102: Use-after-free in HTML media elements (bsc#1077291).\n- CVE-2018-5103: Use-after-free during mouse event handling (bsc#1077291).\n- CVE-2018-5104: Use-after-free during font face manipulation (bsc#1077291).\n- CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right\n (bsc#1077291).\n- CVE-2018-5089: Various memory safety bugs (bsc#1077291).\n\nThese security issues were fixed:\n\n- Searching message bodies of messages in local folders, including\n filter and quick filter operations, not working reliably: Content\n not found in base64-encode message parts, non-ASCII text not found\n and false positives found.\n- Defective messages (without at least one expected header) not shown\n in IMAP folders but shown on mobile devices\n- Calendar: Unintended task deletion if numlock is enabled\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2018-101",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2018_0257-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2018:0257-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IQKYFID4LB22UT3U2EOJ242RTGFRORJJ/#IQKYFID4LB22UT3U2EOJ242RTGFRORJJ"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2018:0257-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IQKYFID4LB22UT3U2EOJ242RTGFRORJJ/#IQKYFID4LB22UT3U2EOJ242RTGFRORJJ"
},
{
"category": "self",
"summary": "SUSE Bug 1077291",
"url": "https://bugzilla.suse.com/1077291"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5089 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5095 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5096 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5097 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5098 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5099 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5102 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5103 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5103/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5104 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5104/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5117 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5117/"
}
],
"title": "Security update for MozillaThunderbird",
"tracking": {
"current_release_date": "2018-01-27T21:50:06Z",
"generator": {
"date": "2018-01-27T21:50:06Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2018:0257-1",
"initial_release_date": "2018-01-27T21:50:06Z",
"revision_history": [
{
"date": "2018-01-27T21:50:06Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-52.6-54.1.x86_64",
"product": {
"name": "MozillaThunderbird-52.6-54.1.x86_64",
"product_id": "MozillaThunderbird-52.6-54.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"product": {
"name": "MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"product_id": "MozillaThunderbird-buildsymbols-52.6-54.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-devel-52.6-54.1.x86_64",
"product": {
"name": "MozillaThunderbird-devel-52.6-54.1.x86_64",
"product_id": "MozillaThunderbird-devel-52.6-54.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"product_id": "MozillaThunderbird-translations-common-52.6-54.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-52.6-54.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-other-52.6-54.1.x86_64",
"product_id": "MozillaThunderbird-translations-other-52.6-54.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12",
"product": {
"name": "SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-52.6-54.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64"
},
"product_reference": "MozillaThunderbird-52.6-54.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-buildsymbols-52.6-54.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64"
},
"product_reference": "MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-devel-52.6-54.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64"
},
"product_reference": "MozillaThunderbird-devel-52.6-54.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-52.6-54.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-52.6-54.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-other-52.6-54.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-5089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5089"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5089",
"url": "https://www.suse.com/security/cve/CVE-2018-5089"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5089",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-27T21:50:06Z",
"details": "important"
}
],
"title": "CVE-2018-5089"
},
{
"cve": "CVE-2018-5095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5095"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5095",
"url": "https://www.suse.com/security/cve/CVE-2018-5095"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5095",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-27T21:50:06Z",
"details": "important"
}
],
"title": "CVE-2018-5095"
},
{
"cve": "CVE-2018-5096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5096"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR \u003c 52.6 and Thunderbird \u003c 52.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5096",
"url": "https://www.suse.com/security/cve/CVE-2018-5096"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5096",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-27T21:50:06Z",
"details": "important"
}
],
"title": "CVE-2018-5096"
},
{
"cve": "CVE-2018-5097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5097"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5097",
"url": "https://www.suse.com/security/cve/CVE-2018-5097"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5097",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-27T21:50:06Z",
"details": "important"
}
],
"title": "CVE-2018-5097"
},
{
"cve": "CVE-2018-5098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5098"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5098",
"url": "https://www.suse.com/security/cve/CVE-2018-5098"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5098",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-27T21:50:06Z",
"details": "important"
}
],
"title": "CVE-2018-5098"
},
{
"cve": "CVE-2018-5099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5099"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5099",
"url": "https://www.suse.com/security/cve/CVE-2018-5099"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5099",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-27T21:50:06Z",
"details": "important"
}
],
"title": "CVE-2018-5099"
},
{
"cve": "CVE-2018-5102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5102"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5102",
"url": "https://www.suse.com/security/cve/CVE-2018-5102"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5102",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-27T21:50:06Z",
"details": "important"
}
],
"title": "CVE-2018-5102"
},
{
"cve": "CVE-2018-5103",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5103"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5103",
"url": "https://www.suse.com/security/cve/CVE-2018-5103"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5103",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-27T21:50:06Z",
"details": "important"
}
],
"title": "CVE-2018-5103"
},
{
"cve": "CVE-2018-5104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5104"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5104",
"url": "https://www.suse.com/security/cve/CVE-2018-5104"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5104",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-27T21:50:06Z",
"details": "important"
}
],
"title": "CVE-2018-5104"
},
{
"cve": "CVE-2018-5117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5117"
}
],
"notes": [
{
"category": "general",
"text": "If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5117",
"url": "https://www.suse.com/security/cve/CVE-2018-5117"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5117",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.6-54.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.6-54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-27T21:50:06Z",
"details": "moderate"
}
],
"title": "CVE-2018-5117"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…