CVE-2018-12361

MEDIUM

Description

An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.

References

http://www.securityfocus.com/bid/104558

http://www.securitytracker.com/id/1041193

https://bugzilla.mozilla.org/show_bug.cgi?id=1463244

https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html

https://security.gentoo.org/glsa/201810-01

https://security.gentoo.org/glsa/201811-13

https://usn.ubuntu.com/3705-1/

https://www.debian.org/security/2018/dsa-4295

https://www.mozilla.org/security/advisories/mfsa2018-15/

https://www.mozilla.org/security/advisories/mfsa2018-16/

https://www.mozilla.org/security/advisories/mfsa2018-19/

Details

Source: MITRE

Published: 2018-10-18

Updated: 2018-12-06

Type: CWE-190

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Vulnerable Software

ID	Name	Product	Family	Severity
123293	openSUSE Security Update : MozillaThunderbird (openSUSE-2019-680)	Nessus	SuSE Local Security Checks	high
123288	openSUSE Security Update : MozillaThunderbird (openSUSE-2019-664)	Nessus	SuSE Local Security Checks	high
123203	openSUSE Security Update : MozillaFirefox (openSUSE-2019-494)	Nessus	SuSE Local Security Checks	high
119133	GLSA-201811-13 : Mozilla Thunderbird: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
118890	Debian DLA-1575-1 : thunderbird security update	Nessus	Debian Local Security Checks	high
117987	openSUSE Security Update : MozillaThunderbird (openSUSE-2018-1139)	Nessus	SuSE Local Security Checks	high
117894	GLSA-201810-01 : Mozilla Firefox: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
117505	Debian DSA-4295-1 : thunderbird - security update	Nessus	Debian Local Security Checks	high
117383	openSUSE Security Update : MozillaThunderbird (openSUSE-2018-994)	Nessus	SuSE Local Security Checks	high
111981	Mozilla Thunderbird < 60.0 Multiple Vulnerabilities	Nessus	Windows	high
111980	Mozilla Thunderbird < 60.0 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
111005	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : firefox regressions (USN-3705-2)	Nessus	Ubuntu Local Security Checks	high
110942	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : firefox vulnerabilities (USN-3705-1)	Nessus	Ubuntu Local Security Checks	high
110811	Mozilla Firefox < 61 Multiple Critical Vulnerabilities	Nessus	Windows	high
110810	Mozilla Firefox ESR < 60.1 Multiple Critical Vulnerabilities	Nessus	Windows	high
110808	Mozilla Firefox ESR < 60.1 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
110806	Mozilla Firefox < 61 Multiple Critical Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
110801	openSUSE Security Update : MozillaFirefox (openSUSE-2018-676)	Nessus	SuSE Local Security Checks	high
110700	FreeBSD : mozilla -- multiple vulnerabilities (cd81806c-26e7-4d4a-8425-02724a2f48af)	Nessus	FreeBSD Local Security Checks	high