An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
http://www.securityfocus.com/bid/100315
http://www.securitytracker.com/id/1039124
https://access.redhat.com/errata/RHSA-2017:2456
https://access.redhat.com/errata/RHSA-2017:2534
https://bugzilla.mozilla.org/show_bug.cgi?id=1353312
https://security.gentoo.org/glsa/201803-14
https://www.debian.org/security/2017/dsa-3928
https://www.debian.org/security/2017/dsa-3968
https://www.mozilla.org/security/advisories/mfsa2017-18/
Source: MITRE
Published: 2018-06-11
Updated: 2018-08-03
Type: CWE-125
CVSS v2
Base Score: 6.4
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact Score: 4.9
Exploitability Score: 10
Severity: MEDIUM
CVSS v3.0
Base Score: 9.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Impact Score: 5.2
Exploitability Score: 3.9
Severity: CRITICAL
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
127363 | NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0119) | Nessus | NewStart CGSL Local Security Checks | critical |
127356 | NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0116) | Nessus | NewStart CGSL Local Security Checks | critical |
108820 | GLSA-201803-14 : Mozilla Thunderbird: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
106884 | GLSA-201802-03 : Mozilla Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
103563 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2017:2589-1) | Nessus | SuSE Local Security Checks | critical |
103249 | Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : thunderbird vulnerabilities (USN-3416-1) | Nessus | Ubuntu Local Security Checks | critical |
103116 | Debian DSA-3968-1 : icedove - security update | Nessus | Debian Local Security Checks | critical |
103056 | EulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1198) | Nessus | Huawei Local Security Checks | critical |
103055 | EulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1197) | Nessus | Huawei Local Security Checks | critical |
102961 | Debian DLA-1087-2 : icedove/thunderbird regression update | Nessus | Debian Local Security Checks | critical |
102882 | CentOS 6 / 7 : thunderbird (CESA-2017:2534) | Nessus | CentOS Local Security Checks | critical |
102856 | SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2017:2302-1) | Nessus | SuSE Local Security Checks | critical |
102776 | Scientific Linux Security Update : thunderbird on SL6.x, SL7.x i386/x86_64 (20170824) | Nessus | Scientific Linux Local Security Checks | critical |
102772 | Oracle Linux 6 / 7 : thunderbird (ELSA-2017-2534) | Nessus | Oracle Linux Local Security Checks | critical |
102727 | RHEL 6 / 7 : thunderbird (RHSA-2017:2534) | Nessus | Red Hat Local Security Checks | critical |
102667 | Scientific Linux Security Update : firefox on SL6.x, SL7.x i386/x86_64 (20170815) | Nessus | Scientific Linux Local Security Checks | critical |
700183 | Mozilla Firefox ESR < 52.3 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
700182 | Mozilla Firefox < 55 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
102622 | openSUSE Security Update : MozillaThunderbird (openSUSE-2017-955) | Nessus | SuSE Local Security Checks | critical |
102580 | Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : firefox regression (USN-3391-3) | Nessus | Ubuntu Local Security Checks | critical |
102543 | Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : ubufox update (USN-3391-2) | Nessus | Ubuntu Local Security Checks | critical |
102523 | Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : firefox vulnerabilities (USN-3391-1) | Nessus | Ubuntu Local Security Checks | critical |
102504 | CentOS 6 / 7 : firefox (CESA-2017:2456) | Nessus | CentOS Local Security Checks | critical |
102473 | Oracle Linux 6 / 7 : firefox (ELSA-2017-2456) | Nessus | Oracle Linux Local Security Checks | critical |
102472 | openSUSE Security Update : MozillaFirefox (openSUSE-2017-921) | Nessus | SuSE Local Security Checks | critical |
102438 | Debian DLA-1053-1 : firefox-esr security update | Nessus | Debian Local Security Checks | critical |
102410 | RHEL 6 / 7 : firefox (RHSA-2017:2456) | Nessus | Red Hat Local Security Checks | critical |
102369 | Debian DSA-3928-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | critical |
102359 | Mozilla Firefox < 55 Multiple Vulnerabilities | Nessus | Windows | critical |
102358 | Mozilla Firefox ESR < 52.3 Multiple Vulnerabilities | Nessus | Windows | critical |
102357 | Mozilla Firefox < 55 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | critical |
102356 | Mozilla Firefox ESR < 52.3 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | critical |
102278 | FreeBSD : mozilla -- multiple vulnerabilities (555b244e-6b20-4546-851f-d8eb7d6c1ffa) | Nessus | FreeBSD Local Security Checks | critical |