Vulnerability-Lookup

CVE-2018-5125 (GCVE-0-2018-5125)

Vulnerability from cvelistv5 – Published: 2018-06-11 21:00 – Updated: 2024-08-05 05:26

Summary

Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.

Severity ?

No CVSS data available.

CWE

Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7

Assigner

mozilla

References

19 references

URL	Tags
https://www.debian.org/security/2018/dsa-4139	vendor-advisoryx_refsource_DEBIAN
https://security.gentoo.org/glsa/201810-01	vendor-advisoryx_refsource_GENTOO
http://www.securityfocus.com/bid/103388	vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201811-13	vendor-advisoryx_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2018:0527	vendor-advisoryx_refsource_REDHAT
https://usn.ubuntu.com/3545-1/	vendor-advisoryx_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_CONFIRM
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:0526	vendor-advisoryx_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
https://www.debian.org/security/2018/dsa-4155	vendor-advisoryx_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0648	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0647	vendor-advisoryx_refsource_REDHAT
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1…	x_refsource_CONFIRM
https://usn.ubuntu.com/3688-1/	vendor-advisoryx_refsource_UBUNTU
http://www.securitytracker.com/id/1040514	vdb-entryx_refsource_SECTRACK
https://usn.ubuntu.com/3596-1/	vendor-advisoryx_refsource_UBUNTU
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_CONFIRM

Impacted products

3 products

Vendor	Product	Version
Mozilla	Thunderbird	Affected: unspecified , < 52.7 (custom)
Mozilla	Firefox ESR	Affected: unspecified , < 52.7 (custom)
Mozilla	Firefox	Affected: unspecified , < 59 (custom)

Date Public ?

2018-03-13 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:26:46.946Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4139",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4139"
          },
          {
            "name": "GLSA-201810-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201810-01"
          },
          {
            "name": "103388",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103388"
          },
          {
            "name": "GLSA-201811-13",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201811-13"
          },
          {
            "name": "RHSA-2018:0527",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0527"
          },
          {
            "name": "USN-3545-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3545-1/"
          },
          {
            "name": "[debian-lts-announce] 20180315 [SECURITY] [DLA 1308-1] firefox-esr security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-09/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-07/"
          },
          {
            "name": "RHSA-2018:0526",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0526"
          },
          {
            "name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1327-1] thunderbird security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html"
          },
          {
            "name": "DSA-4155",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4155"
          },
          {
            "name": "RHSA-2018:0648",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0648"
          },
          {
            "name": "RHSA-2018:0647",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0647"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520"
          },
          {
            "name": "USN-3688-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3688-1/"
          },
          {
            "name": "1040514",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040514"
          },
          {
            "name": "USN-3596-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3596-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "52.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "52.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "59",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-03-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.7, Firefox ESR \u003c 52.7, and Firefox \u003c 59."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-25T10:57:01.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "DSA-4139",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4139"
        },
        {
          "name": "GLSA-201810-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201810-01"
        },
        {
          "name": "103388",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103388"
        },
        {
          "name": "GLSA-201811-13",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201811-13"
        },
        {
          "name": "RHSA-2018:0527",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0527"
        },
        {
          "name": "USN-3545-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3545-1/"
        },
        {
          "name": "[debian-lts-announce] 20180315 [SECURITY] [DLA 1308-1] firefox-esr security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2018-09/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2018-07/"
        },
        {
          "name": "RHSA-2018:0526",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0526"
        },
        {
          "name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1327-1] thunderbird security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html"
        },
        {
          "name": "DSA-4155",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4155"
        },
        {
          "name": "RHSA-2018:0648",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0648"
        },
        {
          "name": "RHSA-2018:0647",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0647"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520"
        },
        {
          "name": "USN-3688-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3688-1/"
        },
        {
          "name": "1040514",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040514"
        },
        {
          "name": "USN-3596-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3596-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2018-5125",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "52.7"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "52.7"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "59"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.7, Firefox ESR \u003c 52.7, and Firefox \u003c 59."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4139",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4139"
            },
            {
              "name": "GLSA-201810-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201810-01"
            },
            {
              "name": "103388",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103388"
            },
            {
              "name": "GLSA-201811-13",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201811-13"
            },
            {
              "name": "RHSA-2018:0527",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0527"
            },
            {
              "name": "USN-3545-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3545-1/"
            },
            {
              "name": "[debian-lts-announce] 20180315 [SECURITY] [DLA 1308-1] firefox-esr security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2018-09/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2018-09/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2018-07/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2018-07/"
            },
            {
              "name": "RHSA-2018:0526",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0526"
            },
            {
              "name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1327-1] thunderbird security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html"
            },
            {
              "name": "DSA-4155",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4155"
            },
            {
              "name": "RHSA-2018:0648",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0648"
            },
            {
              "name": "RHSA-2018:0647",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0647"
            },
            {
              "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520"
            },
            {
              "name": "USN-3688-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3688-1/"
            },
            {
              "name": "1040514",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040514"
            },
            {
              "name": "USN-3596-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3596-1/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2018-06/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2018-5125",
    "datePublished": "2018-06-11T21:00:00.000Z",
    "dateReserved": "2018-01-03T00:00:00.000Z",
    "dateUpdated": "2024-08-05T05:26:46.946Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2018-5125",
      "date": "2026-05-19",
      "epss": "0.01069",
      "percentile": "0.7795"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"B5A6F2F3-4894-4392-8296-3B8DD2679084\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9070C9D8-A14A-467F-8253-33B966C16886\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33C068A4-3780-4EAB-A937-6082DF847564\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BBCD86A-E6C7-4444-9D74-F861084090F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51EF4996-72F4-4FA4-814F-F5991E7A8318\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"59.0\", \"matchCriteriaId\": \"5DF580C0-6851-4C48-AA04-CD1B92A1FEB6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"52.7.0\", \"matchCriteriaId\": \"D14D2375-0A74-45DC-98B7-1ADA24B57332\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"52.7.0\", \"matchCriteriaId\": \"D0771678-09BB-4D50-A515-7BB1DF2AB438\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.7, Firefox ESR \u003c 52.7, and Firefox \u003c 59.\"}, {\"lang\": \"es\", \"value\": \"Se han informado de errores de seguridad de memoria en Firefox 58 y Firefox ESR 52.6. Algunos de estos errores mostraron evidencias de corrupci\\u00f3n de memoria y se cree que, con el esfuerzo necesario, se podr\\u00edan explotar para ejecutar c\\u00f3digo arbitrario. Esta vulnerabilidad afecta a las versiones anteriores a la 52.7 de Thunderbird, las versiones anteriores a la 52.7 de Firefox ESR y las versiones anteriores a la 59 de Firefox.\"}]",
      "id": "CVE-2018-5125",
      "lastModified": "2024-11-21T04:08:09.567",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2018-06-11T21:29:13.810",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/103388\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1040514\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0526\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0527\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0647\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0648\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520\", \"source\": \"security@mozilla.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201810-01\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201811-13\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3545-1/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3596-1/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3688-1/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4139\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4155\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-06/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-07/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-09/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/103388\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1040514\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0526\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0527\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0647\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0648\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201810-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201811-13\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3545-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3596-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3688-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4139\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4155\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-06/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-07/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2018-09/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@mozilla.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-5125\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2018-06-11T21:29:13.810\",\"lastModified\":\"2025-11-25T17:50:16.803\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.7, Firefox ESR \u003c 52.7, and Firefox \u003c 59.\"},{\"lang\":\"es\",\"value\":\"Se han informado de errores de seguridad de memoria en Firefox 58 y Firefox ESR 52.6. Algunos de estos errores mostraron evidencias de corrupci\u00f3n de memoria y se cree que, con el esfuerzo necesario, se podr\u00edan explotar para ejecutar c\u00f3digo arbitrario. Esta vulnerabilidad afecta a las versiones anteriores a la 52.7 de Thunderbird, las versiones anteriores a la 52.7 de Firefox ESR y las versiones anteriores a la 59 de Firefox.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9070C9D8-A14A-467F-8253-33B966C16886\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"52.7.0\",\"matchCriteriaId\":\"B4DDBE64-7113-428C-BD52-2448E91420CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"59.0\",\"matchCriteriaId\":\"5DF580C0-6851-4C48-AA04-CD1B92A1FEB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"52.7.0\",\"matchCriteriaId\":\"D0771678-09BB-4D50-A515-7BB1DF2AB438\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/103388\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040514\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0526\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0527\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0647\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0648\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201810-01\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201811-13\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3545-1/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3596-1/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3688-1/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4139\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4155\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-06/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-07/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-09/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/103388\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040514\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0526\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0527\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0647\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0648\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201810-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201811-13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3545-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3596-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3688-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4139\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4155\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-06/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-07/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-09/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2018-AVI-123

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Mozilla Firefox. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox	Firefox ESR versions antérieures à ESR 52.7
	Mozilla	Firefox	Firefox versions antérieures à 59

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2018-07 du 13 mars 2018	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2018-06 du 13 mars 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 ESR 52.7",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 59",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-5134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5134"
    },
    {
      "name": "CVE-2018-5142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5142"
    },
    {
      "name": "CVE-2018-5140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5140"
    },
    {
      "name": "CVE-2018-5137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5137"
    },
    {
      "name": "CVE-2018-5143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5143"
    },
    {
      "name": "CVE-2018-5144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5144"
    },
    {
      "name": "CVE-2018-5128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5128"
    },
    {
      "name": "CVE-2018-5133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5133"
    },
    {
      "name": "CVE-2018-5131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5131"
    },
    {
      "name": "CVE-2018-5132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5132"
    },
    {
      "name": "CVE-2018-5136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5136"
    },
    {
      "name": "CVE-2018-5129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5129"
    },
    {
      "name": "CVE-2018-5145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5145"
    },
    {
      "name": "CVE-2018-5141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5141"
    },
    {
      "name": "CVE-2018-5126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5126"
    },
    {
      "name": "CVE-2018-5135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5135"
    },
    {
      "name": "CVE-2018-5127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5127"
    },
    {
      "name": "CVE-2018-5125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5125"
    },
    {
      "name": "CVE-2018-5130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5130"
    },
    {
      "name": "CVE-2018-5138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5138"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-123",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-03-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-07 du 13 mars 2018",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-06 du 13 mars 2018",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/"
    }
  ]
}

CERTFR-2018-AVI-149

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Thunderbird	Mozilla Thunderbird versions antérieures à 52.7

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2018-09 du 23 mars 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mozilla Thunderbird versions ant\u00e9rieures \u00e0 52.7",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-5146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5146"
    },
    {
      "name": "CVE-2018-5144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5144"
    },
    {
      "name": "CVE-2018-5129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5129"
    },
    {
      "name": "CVE-2018-5145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5145"
    },
    {
      "name": "CVE-2018-5127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5127"
    },
    {
      "name": "CVE-2018-5125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5125"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-149",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-03-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire, un d\u00e9ni de service et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-09 du 23 mars 2018",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/"
    }
  ]
}

CERTFR-2018-AVI-123

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox	Firefox ESR versions antérieures à ESR 52.7
	Mozilla	Firefox	Firefox versions antérieures à 59

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2018-07 du 13 mars 2018	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2018-06 du 13 mars 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 ESR 52.7",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 59",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-5134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5134"
    },
    {
      "name": "CVE-2018-5142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5142"
    },
    {
      "name": "CVE-2018-5140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5140"
    },
    {
      "name": "CVE-2018-5137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5137"
    },
    {
      "name": "CVE-2018-5143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5143"
    },
    {
      "name": "CVE-2018-5144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5144"
    },
    {
      "name": "CVE-2018-5128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5128"
    },
    {
      "name": "CVE-2018-5133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5133"
    },
    {
      "name": "CVE-2018-5131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5131"
    },
    {
      "name": "CVE-2018-5132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5132"
    },
    {
      "name": "CVE-2018-5136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5136"
    },
    {
      "name": "CVE-2018-5129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5129"
    },
    {
      "name": "CVE-2018-5145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5145"
    },
    {
      "name": "CVE-2018-5141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5141"
    },
    {
      "name": "CVE-2018-5126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5126"
    },
    {
      "name": "CVE-2018-5135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5135"
    },
    {
      "name": "CVE-2018-5127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5127"
    },
    {
      "name": "CVE-2018-5125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5125"
    },
    {
      "name": "CVE-2018-5130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5130"
    },
    {
      "name": "CVE-2018-5138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5138"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-123",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-03-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-07 du 13 mars 2018",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-06 du 13 mars 2018",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/"
    }
  ]
}

CERTFR-2018-AVI-149

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Thunderbird	Mozilla Thunderbird versions antérieures à 52.7

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2018-09 du 23 mars 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mozilla Thunderbird versions ant\u00e9rieures \u00e0 52.7",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-5146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5146"
    },
    {
      "name": "CVE-2018-5144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5144"
    },
    {
      "name": "CVE-2018-5129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5129"
    },
    {
      "name": "CVE-2018-5145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5145"
    },
    {
      "name": "CVE-2018-5127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5127"
    },
    {
      "name": "CVE-2018-5125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5125"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-149",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-03-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire, un d\u00e9ni de service et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-09 du 23 mars 2018",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/"
    }
  ]
}

BDU:2021-00069

Vulnerability from fstec - Published: 11.06.2018

Title

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c выходом операции за границы буфера в памяти, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность

Description

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird связана c выходом операции за границы буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, получить несанкционированный доступ к информации и нарушить ее целостность и доступность

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

ООО «РусБИТех-Астра», Red Hat Inc., Canonical Ltd., Сообщество свободного программного обеспечения, Mozilla Corp.

Software Name

Astra Linux Special Edition (запись в едином реестре российских программ №369), Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, Firefox, Firefox ESR, Thunderbird

Software Version

1.5 «Смоленск» (Astra Linux Special Edition), 6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 17.10 (Ubuntu), 18.04 LTS (Ubuntu), 14.04 ESM (Ubuntu), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), до 59 (Firefox), до 52.7.0 (Firefox ESR), до 52.7.0 (Thunderbird)

Possible Mitigations

Использование рекомендаций: Для firefox: https://www.mozilla.org/security/advisories/mfsa2018-06/ https://www.mozilla.org/security/advisories/mfsa2018-07/ https://www.mozilla.org/security/advisories/mfsa2018-09/ Для Astra Linux: https://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15 Для Debian: https://security-tracker.debian.org/tracker/CVE-2018-5125 Для программных продуктов Red Hat Inc.: https://access.redhat.com/errata/RHSA-2018:0647 https://access.redhat.com/errata/RHSA-2018:0648 https://access.redhat.com/errata/RHSA-2018:0527 https://access.redhat.com/errata/RHSA-2018:0526 Для Ubuntu: https://ubuntu.com/security/notices/USN-3545-1 https://ubuntu.com/security/notices/USN-3596-1 https://ubuntu.com/security/notices/USN-3688-1

Reference

https://access.redhat.com/errata/RHSA-2018:0647 https://access.redhat.com/errata/RHSA-2018:0648 https://access.redhat.com/errata/RHSA-2018:0527 https://access.redhat.com/errata/RHSA-2018:0526 https://ubuntu.com/security/notices/USN-3545-1 https://ubuntu.com/security/notices/USN-3596-1 https://ubuntu.com/security/notices/USN-3688-1 https://www.mozilla.org/security/advisories/mfsa2018-06/ https://www.mozilla.org/security/advisories/mfsa2018-07/ https://www.mozilla.org/security/advisories/mfsa2018-09/ https://nvd.nist.gov/vuln/detail/CVE-2018-5125 https://security-tracker.debian.org/tracker/CVE-2018-5125 https://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15

CWE

CWE-119

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Red Hat Inc., Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Mozilla Corp.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 17.10 (Ubuntu), 18.04 LTS (Ubuntu), 14.04 ESM (Ubuntu), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), \u0434\u043e 59 (Firefox), \u0434\u043e 52.7.0 (Firefox ESR), \u0434\u043e 52.7.0 (Thunderbird)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f firefox:\nhttps://www.mozilla.org/security/advisories/mfsa2018-06/\nhttps://www.mozilla.org/security/advisories/mfsa2018-07/\nhttps://www.mozilla.org/security/advisories/mfsa2018-09/\n\n\u0414\u043b\u044f Astra Linux:\nhttps://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15\n\n\u0414\u043b\u044f Debian:\nhttps://security-tracker.debian.org/tracker/CVE-2018-5125 \n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/errata/RHSA-2018:0647\nhttps://access.redhat.com/errata/RHSA-2018:0648\nhttps://access.redhat.com/errata/RHSA-2018:0527\nhttps://access.redhat.com/errata/RHSA-2018:0526\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/notices/USN-3545-1\nhttps://ubuntu.com/security/notices/USN-3596-1\nhttps://ubuntu.com/security/notices/USN-3688-1",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.06.2018",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "13.01.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "13.01.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-00069",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-5125",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, Firefox, Firefox ESR, Thunderbird",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 6 , Red Hat Inc. Red Hat Enterprise Linux 7 , Canonical Ltd. Ubuntu 16.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 17.10 , Canonical Ltd. Ubuntu 18.04 LTS , Canonical Ltd. Ubuntu 14.04 ESM , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Firefox, Firefox ESR \u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f c \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0435\u0435 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Firefox, Firefox ESR \u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird \u0441\u0432\u044f\u0437\u0430\u043d\u0430 c \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0435\u0435 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://access.redhat.com/errata/RHSA-2018:0647\nhttps://access.redhat.com/errata/RHSA-2018:0648\nhttps://access.redhat.com/errata/RHSA-2018:0527\nhttps://access.redhat.com/errata/RHSA-2018:0526\nhttps://ubuntu.com/security/notices/USN-3545-1\nhttps://ubuntu.com/security/notices/USN-3596-1\nhttps://ubuntu.com/security/notices/USN-3688-1\nhttps://www.mozilla.org/security/advisories/mfsa2018-06/\nhttps://www.mozilla.org/security/advisories/mfsa2018-07/\nhttps://www.mozilla.org/security/advisories/mfsa2018-09/\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5125\nhttps://security-tracker.debian.org/tracker/CVE-2018-5125 \nhttps://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

CNVD-2018-07313

Vulnerability from cnvd - Published: 2018-04-10

Title

Mozilla Firefox任意代码执行漏洞（CNVD-2018-07313）

Description

Mozilla Firefox浏览器（火狐）是一个自由的、开放源码的浏览器，适用于Windows、Linux及MacOSX平台。 Mozilla Firefox存在任意代码执行漏洞。远程用户可创建特制内容，当目标用户加载时，该内容将在目标用户的系统上执行任意代码。

Severity

高

Patch Name

Mozilla Firefox任意代码执行漏洞（CNVD-2018-07313）的补丁

Patch Description

Mozilla Firefox浏览器（火狐）是一个自由的、开放源码的浏览器，适用于Windows、Linux及MacOSX平台。 Mozilla Firefox存在任意代码执行漏洞。远程用户可创建特制内容，当目标用户加载时，该内容将在目标用户的系统上执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/

Reference

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/

Impacted products

Name
['Mozilla Firefox 58', 'Mozilla Firefox ESR 52.6']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-5125"
    }
  },
  "description": "Mozilla Firefox\u6d4f\u89c8\u5668\uff08\u706b\u72d0\uff09\u662f\u4e00\u4e2a\u81ea\u7531\u7684\u3001\u5f00\u653e\u6e90\u7801\u7684\u6d4f\u89c8\u5668\uff0c\u9002\u7528\u4e8eWindows\u3001Linux\u53caMacOSX\u5e73\u53f0\u3002\r\n\r\nMozilla Firefox\u5b58\u5728\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u7528\u6237\u53ef\u521b\u5efa\u7279\u5236\u5185\u5bb9\uff0c\u5f53\u76ee\u6807\u7528\u6237\u52a0\u8f7d\u65f6\uff0c\u8be5\u5185\u5bb9\u5c06\u5728\u76ee\u6807\u7528\u6237\u7684\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Mozilla developers and community",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-06/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-07313",
  "openTime": "2018-04-10",
  "patchDescription": "Mozilla Firefox\u6d4f\u89c8\u5668\uff08\u706b\u72d0\uff09\u662f\u4e00\u4e2a\u81ea\u7531\u7684\u3001\u5f00\u653e\u6e90\u7801\u7684\u6d4f\u89c8\u5668\uff0c\u9002\u7528\u4e8eWindows\u3001Linux\u53caMacOSX\u5e73\u53f0\u3002\r\n\r\nMozilla Firefox\u5b58\u5728\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u7528\u6237\u53ef\u521b\u5efa\u7279\u5236\u5185\u5bb9\uff0c\u5f53\u76ee\u6807\u7528\u6237\u52a0\u8f7d\u65f6\uff0c\u8be5\u5185\u5bb9\u5c06\u5728\u76ee\u6807\u7528\u6237\u7684\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Mozilla Firefox\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2018-07313\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Mozilla Firefox 58",
      "Mozilla Firefox ESR 52.6"
    ]
  },
  "referenceLink": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/",
  "serverity": "\u9ad8",
  "submitTime": "2018-03-15",
  "title": "Mozilla Firefox\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2018-07313\uff09"
}

FKIE_CVE-2018-5125

Vulnerability from fkie_nvd - Published: 2018-06-11 21:29 - Updated: 2025-11-25 17:50

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@mozilla.org	http://www.securityfocus.com/bid/103388	Third Party Advisory, VDB Entry
security@mozilla.org	http://www.securitytracker.com/id/1040514	Third Party Advisory, VDB Entry
security@mozilla.org	https://access.redhat.com/errata/RHSA-2018:0526	Third Party Advisory
security@mozilla.org	https://access.redhat.com/errata/RHSA-2018:0527	Third Party Advisory
security@mozilla.org	https://access.redhat.com/errata/RHSA-2018:0647	Third Party Advisory
security@mozilla.org	https://access.redhat.com/errata/RHSA-2018:0648	Third Party Advisory
security@mozilla.org	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520	Issue Tracking
security@mozilla.org	https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html	Mailing List, Third Party Advisory
security@mozilla.org	https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html	Mailing List, Third Party Advisory
security@mozilla.org	https://security.gentoo.org/glsa/201810-01	Third Party Advisory
security@mozilla.org	https://security.gentoo.org/glsa/201811-13	Third Party Advisory
security@mozilla.org	https://usn.ubuntu.com/3545-1/	Third Party Advisory
security@mozilla.org	https://usn.ubuntu.com/3596-1/	Third Party Advisory
security@mozilla.org	https://usn.ubuntu.com/3688-1/	Third Party Advisory
security@mozilla.org	https://www.debian.org/security/2018/dsa-4139	Third Party Advisory
security@mozilla.org	https://www.debian.org/security/2018/dsa-4155	Third Party Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2018-06/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2018-07/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2018-09/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/103388	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040514	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:0526	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:0527	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:0647	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:0648	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201810-01	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201811-13	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/3545-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/3596-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/3688-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2018/dsa-4139	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2018/dsa-4155	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2018-06/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2018-07/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2018-09/	Vendor Advisory

Impacted products

Vendor	Product	Version
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	17.10
canonical	ubuntu_linux	18.04
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_workstation	6.0
redhat	enterprise_linux_workstation	7.0
debian	debian_linux	8.0
debian	debian_linux	9.0
mozilla	firefox	*
mozilla	firefox	*
mozilla	thunderbird	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4DDBE64-7113-428C-BD52-2448E91420CB",
              "versionEndExcluding": "52.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DF580C0-6851-4C48-AA04-CD1B92A1FEB6",
              "versionEndExcluding": "59.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0771678-09BB-4D50-A515-7BB1DF2AB438",
              "versionEndExcluding": "52.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.7, Firefox ESR \u003c 52.7, and Firefox \u003c 59."
    },
    {
      "lang": "es",
      "value": "Se han informado de errores de seguridad de memoria en Firefox 58 y Firefox ESR 52.6. Algunos de estos errores mostraron evidencias de corrupci\u00f3n de memoria y se cree que, con el esfuerzo necesario, se podr\u00edan explotar para ejecutar c\u00f3digo arbitrario. Esta vulnerabilidad afecta a las versiones anteriores a la 52.7 de Thunderbird, las versiones anteriores a la 52.7 de Firefox ESR y las versiones anteriores a la 59 de Firefox."
    }
  ],
  "id": "CVE-2018-5125",
  "lastModified": "2025-11-25T17:50:16.803",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-11T21:29:13.810",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103388"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040514"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0526"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0527"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0647"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0648"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201810-01"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201811-13"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3545-1/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3596-1/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3688-1/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4139"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4155"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-07/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-09/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103388"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040514"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0526"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0527"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0647"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0648"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201810-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201811-13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3545-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3596-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3688-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4139"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4155"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-07/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-09/"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-32J6-X4JQ-JQ3X

Vulnerability from github – Published: 2022-05-14 01:27 – Updated: 2025-11-25 18:32

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-5125"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-11T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.7, Firefox ESR \u003c 52.7, and Firefox \u003c 59.",
  "id": "GHSA-32j6-x4jq-jq3x",
  "modified": "2025-11-25T18:32:12Z",
  "published": "2022-05-14T01:27:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5125"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-09"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-07"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-06"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4155"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4139"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3688-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3596-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3545-1"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201811-13"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201810-01"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0648"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0647"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0527"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0526"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103388"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040514"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2018-5125

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-5125

Aliases

CVE-2018-5125

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-5125",
    "description": "Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.7, Firefox ESR \u003c 52.7, and Firefox \u003c 59.",
    "id": "GSD-2018-5125",
    "references": [
      "https://www.suse.com/security/cve/CVE-2018-5125.html",
      "https://www.debian.org/security/2018/dsa-4155",
      "https://www.debian.org/security/2018/dsa-4139",
      "https://access.redhat.com/errata/RHSA-2018:0648",
      "https://access.redhat.com/errata/RHSA-2018:0647",
      "https://access.redhat.com/errata/RHSA-2018:0527",
      "https://access.redhat.com/errata/RHSA-2018:0526",
      "https://ubuntu.com/security/CVE-2018-5125",
      "https://advisories.mageia.org/CVE-2018-5125.html",
      "https://security.archlinux.org/CVE-2018-5125",
      "https://linux.oracle.com/cve/CVE-2018-5125.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-5125"
      ],
      "details": "Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.7, Firefox ESR \u003c 52.7, and Firefox \u003c 59.",
      "id": "GSD-2018-5125",
      "modified": "2023-12-13T01:22:40.633295Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2018-5125",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Thunderbird",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "52.7"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Firefox ESR",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "52.7"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Firefox",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "59"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mozilla"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.7, Firefox ESR \u003c 52.7, and Firefox \u003c 59."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "DSA-4139",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2018/dsa-4139"
          },
          {
            "name": "GLSA-201810-01",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201810-01"
          },
          {
            "name": "103388",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/103388"
          },
          {
            "name": "GLSA-201811-13",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201811-13"
          },
          {
            "name": "RHSA-2018:0527",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:0527"
          },
          {
            "name": "USN-3545-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/3545-1/"
          },
          {
            "name": "[debian-lts-announce] 20180315 [SECURITY] [DLA 1308-1] firefox-esr security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2018-09/",
            "refsource": "CONFIRM",
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-09/"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2018-07/",
            "refsource": "CONFIRM",
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-07/"
          },
          {
            "name": "RHSA-2018:0526",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:0526"
          },
          {
            "name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1327-1] thunderbird security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html"
          },
          {
            "name": "DSA-4155",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2018/dsa-4155"
          },
          {
            "name": "RHSA-2018:0648",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:0648"
          },
          {
            "name": "RHSA-2018:0647",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:0647"
          },
          {
            "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520"
          },
          {
            "name": "USN-3688-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/3688-1/"
          },
          {
            "name": "1040514",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1040514"
          },
          {
            "name": "USN-3596-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/3596-1/"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2018-06/",
            "refsource": "CONFIRM",
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
          }
        ]
      }
    },
    "mozilla.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2018-5125"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Thunderbird",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "52.7"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Firefox",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "59"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Firefox ESR",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "52.7"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mozilla"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Mozilla developers and community members Bob Clary, Olli Pettay, Christian Holler, Nils Ohlmeier, Randell Jesup, Tyson Smith, Ralph Giles, and Philipp reported memory safety bugs present in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.7, Firefox \u003c 59, and Firefox ESR \u003c 52.7."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
          },
          {
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-07/"
          },
          {
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-09/"
          },
          {
            "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "52.7.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "59.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "52.7.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2018-5125"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.7, Firefox ESR \u003c 52.7, and Firefox \u003c 59."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2018-09/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2018-09/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2018-07/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2018-07/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2018-06/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
            },
            {
              "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking"
              ],
              "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520"
            },
            {
              "name": "DSA-4155",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4155"
            },
            {
              "name": "DSA-4139",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4139"
            },
            {
              "name": "USN-3596-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/3596-1/"
            },
            {
              "name": "USN-3545-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/3545-1/"
            },
            {
              "name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1327-1] thunderbird security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html"
            },
            {
              "name": "[debian-lts-announce] 20180315 [SECURITY] [DLA 1308-1] firefox-esr security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html"
            },
            {
              "name": "RHSA-2018:0648",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0648"
            },
            {
              "name": "RHSA-2018:0647",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0647"
            },
            {
              "name": "RHSA-2018:0527",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0527"
            },
            {
              "name": "RHSA-2018:0526",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0526"
            },
            {
              "name": "1040514",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1040514"
            },
            {
              "name": "103388",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/103388"
            },
            {
              "name": "USN-3688-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/3688-1/"
            },
            {
              "name": "GLSA-201810-01",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201810-01"
            },
            {
              "name": "GLSA-201811-13",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201811-13"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-03-08T14:22Z",
      "publishedDate": "2018-06-11T21:29Z"
    }
  }
}

OPENSUSE-SU-2018:0818-1

Vulnerability from csaf_opensuse - Published: 2018-03-26 11:29 - Updated: 2018-03-26 11:29

Summary

Security update for Mozilla Thunderbird

Severity

Moderate

Notes

Title of the patch: Security update for Mozilla Thunderbird

Description of the patch: This update for Mozilla Thunderbird to version 52.7 fixes multiple issues. The following bugs were fixed: - Searching message bodies of messages in local folders, including filter and quick filter operations, did not find content in message attachments - Better error handling for Yahoo accounts The following security fixes are included as part of the mozilla platform. In general, these flaws cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts (MFSA 2018-09, bsc#1085130, bsc#1085671): - CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList - CVE-2018-5129: Out-of-bounds write with malformed IPC messages - CVE-2018-5144: Integer overflow during Unicode conversion - CVE-2018-5146: Out of bounds memory write in libvorbis - CVE-2018-5125: Memory safety bugs fixed in Thunderbird 52.7 - CVE-2018-5145: Memory safety bugs fixed in Thunderbird 52.7

Patchnames: openSUSE-2018-313

CVE-2018-5125

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.7-57.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.7-57.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.7-57.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.7-57.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.7-57.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2018-5127

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.7-57.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.7-57.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.7-57.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.7-57.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.7-57.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2018-5129

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.7-57.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.7-57.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.7-57.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.7-57.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.7-57.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2018-5144

6.1 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.7-57.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.7-57.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.7-57.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.7-57.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.7-57.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-5145

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.7-57.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.7-57.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.7-57.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.7-57.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.7-57.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2018-5146

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.7-57.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.7-57.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.7-57.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.7-57.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.7-57.1.x86_64	—	Vendor Fix

Threats

Impact important

References

24 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://bugzilla.suse.com/1085130	self
https://bugzilla.suse.com/1085671	self
https://www.suse.com/security/cve/CVE-2018-5125/	self
https://www.suse.com/security/cve/CVE-2018-5127/	self
https://www.suse.com/security/cve/CVE-2018-5129/	self
https://www.suse.com/security/cve/CVE-2018-5144/	self
https://www.suse.com/security/cve/CVE-2018-5145/	self
https://www.suse.com/security/cve/CVE-2018-5146/	self
https://www.suse.com/security/cve/CVE-2018-5125	external
https://bugzilla.suse.com/1085130	external
https://www.suse.com/security/cve/CVE-2018-5127	external
https://bugzilla.suse.com/1085130	external
https://www.suse.com/security/cve/CVE-2018-5129	external
https://bugzilla.suse.com/1085130	external
https://www.suse.com/security/cve/CVE-2018-5144	external
https://bugzilla.suse.com/1085130	external
https://www.suse.com/security/cve/CVE-2018-5145	external
https://bugzilla.suse.com/1085130	external
https://www.suse.com/security/cve/CVE-2018-5146	external
https://bugzilla.suse.com/1085671	external
https://bugzilla.suse.com/1085687	external
https://bugzilla.suse.com/1180395	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for Mozilla Thunderbird",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for Mozilla Thunderbird to version 52.7 fixes multiple issues.\n    \nThe following bugs were fixed:\n    \n- Searching message bodies of messages in local folders, including filter\n  and quick filter operations, did not find content in message attachments\n- Better error handling for Yahoo accounts\n    \nThe following security fixes are included as part of the mozilla platform. \nIn general, these flaws cannot be exploited through email in Thunderbird\nbecause scripting is disabled when reading mail, but are potentially risks\nin browser or browser-like contexts (MFSA 2018-09, bsc#1085130, bsc#1085671):\n\n- CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList\n- CVE-2018-5129: Out-of-bounds write with malformed IPC messages\n- CVE-2018-5144: Integer overflow during Unicode conversion\n- CVE-2018-5146: Out of bounds memory write in libvorbis\n- CVE-2018-5125: Memory safety bugs fixed in Thunderbird 52.7\n- CVE-2018-5145: Memory safety bugs fixed in Thunderbird 52.7\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2018-313",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2018_0818-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1085130",
        "url": "https://bugzilla.suse.com/1085130"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1085671",
        "url": "https://bugzilla.suse.com/1085671"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-5125 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-5125/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-5127 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-5127/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-5129 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-5129/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-5144 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-5144/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-5145 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-5145/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-5146 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-5146/"
      }
    ],
    "title": "Security update for Mozilla Thunderbird",
    "tracking": {
      "current_release_date": "2018-03-26T11:29:18Z",
      "generator": {
        "date": "2018-03-26T11:29:18Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2018:0818-1",
      "initial_release_date": "2018-03-26T11:29:18Z",
      "revision_history": [
        {
          "date": "2018-03-26T11:29:18Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaThunderbird-52.7-57.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-52.7-57.1.x86_64",
                  "product_id": "MozillaThunderbird-52.7-57.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-buildsymbols-52.7-57.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-buildsymbols-52.7-57.1.x86_64",
                  "product_id": "MozillaThunderbird-buildsymbols-52.7-57.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-devel-52.7-57.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-devel-52.7-57.1.x86_64",
                  "product_id": "MozillaThunderbird-devel-52.7-57.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-common-52.7-57.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-translations-common-52.7-57.1.x86_64",
                  "product_id": "MozillaThunderbird-translations-common-52.7-57.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-other-52.7-57.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-translations-other-52.7-57.1.x86_64",
                  "product_id": "MozillaThunderbird-translations-other-52.7-57.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Package Hub 12",
                "product": {
                  "name": "SUSE Package Hub 12",
                  "product_id": "SUSE Package Hub 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:packagehub:12"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-52.7-57.1.x86_64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:MozillaThunderbird-52.7-57.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-52.7-57.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-buildsymbols-52.7-57.1.x86_64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.7-57.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-buildsymbols-52.7-57.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-devel-52.7-57.1.x86_64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:MozillaThunderbird-devel-52.7-57.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-devel-52.7-57.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-common-52.7-57.1.x86_64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.7-57.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-translations-common-52.7-57.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-other-52.7-57.1.x86_64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.7-57.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-translations-other-52.7-57.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-5125",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-5125"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.7, Firefox ESR \u003c 52.7, and Firefox \u003c 59.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.7-57.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.7-57.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.7-57.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.7-57.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.7-57.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-5125",
          "url": "https://www.suse.com/security/cve/CVE-2018-5125"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1085130 for CVE-2018-5125",
          "url": "https://bugzilla.suse.com/1085130"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.7-57.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.7-57.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-03-26T11:29:18Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-5125"
    },
    {
      "cve": "CVE-2018-5127",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-5127"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A buffer overflow can occur when manipulating the SVG \"animatedPathSegList\" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.7, Firefox ESR \u003c 52.7, and Firefox \u003c 59.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.7-57.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.7-57.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.7-57.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.7-57.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.7-57.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-5127",
          "url": "https://www.suse.com/security/cve/CVE-2018-5127"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1085130 for CVE-2018-5127",
          "url": "https://bugzilla.suse.com/1085130"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.7-57.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.7-57.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-03-26T11:29:18Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-5127"
    },
    {
      "cve": "CVE-2018-5129",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-5129"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird \u003c 52.7, Firefox ESR \u003c 52.7, and Firefox \u003c 59.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.7-57.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.7-57.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.7-57.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.7-57.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.7-57.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-5129",
          "url": "https://www.suse.com/security/cve/CVE-2018-5129"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1085130 for CVE-2018-5129",
          "url": "https://bugzilla.suse.com/1085130"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.7-57.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.7-57.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-03-26T11:29:18Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-5129"
    },
    {
      "cve": "CVE-2018-5144",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-5144"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR \u003c 52.7 and Thunderbird \u003c 52.7.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.7-57.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.7-57.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.7-57.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.7-57.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.7-57.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-5144",
          "url": "https://www.suse.com/security/cve/CVE-2018-5144"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1085130 for CVE-2018-5144",
          "url": "https://bugzilla.suse.com/1085130"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.7-57.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.7-57.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-03-26T11:29:18Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-5144"
    },
    {
      "cve": "CVE-2018-5145",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-5145"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 52.7 and Thunderbird \u003c 52.7.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.7-57.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.7-57.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.7-57.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.7-57.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.7-57.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-5145",
          "url": "https://www.suse.com/security/cve/CVE-2018-5145"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1085130 for CVE-2018-5145",
          "url": "https://bugzilla.suse.com/1085130"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.7-57.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.7-57.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-03-26T11:29:18Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-5145"
    },
    {
      "cve": "CVE-2018-5146",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-5146"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox \u003c 59.0.1, Firefox ESR \u003c 52.7.2, and Thunderbird \u003c 52.7.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.7-57.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.7-57.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.7-57.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.7-57.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.7-57.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-5146",
          "url": "https://www.suse.com/security/cve/CVE-2018-5146"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1085671 for CVE-2018-5146",
          "url": "https://bugzilla.suse.com/1085671"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1085687 for CVE-2018-5146",
          "url": "https://bugzilla.suse.com/1085687"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1180395 for CVE-2018-5146",
          "url": "https://bugzilla.suse.com/1180395"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.7-57.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.7-57.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.7-57.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-03-26T11:29:18Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-5146"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-5125 (GCVE-0-2018-5125)

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature