CVE-2018-12376

HIGH

Description

Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.

References

http://www.securityfocus.com/bid/105280

http://www.securitytracker.com/id/1041610

https://access.redhat.com/errata/RHSA-2018:2692

https://access.redhat.com/errata/RHSA-2018:2693

https://access.redhat.com/errata/RHSA-2018:3403

https://access.redhat.com/errata/RHSA-2018:3458

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1469309%2C1469914%2C1450989%2C1480092%2C1480517%2C1481093%2C1478575%2C1471953%2C1473161%2C1466991%2C1468738%2C1483120%2C1467363%2C1472925%2C1466577%2C1467889%2C1480521%2C1478849

https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html

https://security.gentoo.org/glsa/201810-01

https://security.gentoo.org/glsa/201811-13

https://usn.ubuntu.com/3761-1/

https://usn.ubuntu.com/3793-1/

https://www.debian.org/security/2018/dsa-4287

https://www.debian.org/security/2018/dsa-4327

https://www.mozilla.org/security/advisories/mfsa2018-20/

https://www.mozilla.org/security/advisories/mfsa2018-21/

https://www.mozilla.org/security/advisories/mfsa2018-25/

Details

Source: MITRE

Published: 2018-10-18

Updated: 2018-12-06

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

ID	Name	Product	Family	Severity
700407	Mozilla Firefox < 62.0 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
121478	Mozilla Thunderbird < 60.2.1	Nessus	MacOS X Local Security Checks	high
120110	SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2018:2890-1)	Nessus	SuSE Local Security Checks	high
119748	Mozilla Firefox < 62 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
119451	SUSE SLED12 / SLES12 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss (SUSE-SU-2018:3591-2)	Nessus	SuSE Local Security Checks	high
119208	Scientific Linux Security Update : thunderbird on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	high
119133	GLSA-201811-13 : Mozilla Thunderbird: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
118890	Debian DLA-1575-1 : thunderbird security update	Nessus	Debian Local Security Checks	high
118837	CentOS 6 : thunderbird (CESA-2018:3403)	Nessus	CentOS Local Security Checks	high
118813	Oracle Linux 7 : thunderbird (ELSA-2018-3458)	Nessus	Oracle Linux Local Security Checks	high
118744	RHEL 7 : thunderbird (RHSA-2018:3458)	Nessus	Red Hat Local Security Checks	high
118742	EulerOS 2.0 SP2 : firefox (EulerOS-SA-2018-1359)	Nessus	Huawei Local Security Checks	high
118590	SUSE SLED12 / SLES12 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss (SUSE-SU-2018:3591-1)	Nessus	SuSE Local Security Checks	high
118585	Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
118552	RHEL 6 : thunderbird (RHSA-2018:3403)	Nessus	Red Hat Local Security Checks	high
118473	Debian DSA-4327-1 : thunderbird - security update	Nessus	Debian Local Security Checks	high
118144	Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : thunderbird vulnerabilities (USN-3793-1)	Nessus	Ubuntu Local Security Checks	high
117987	openSUSE Security Update : MozillaThunderbird (openSUSE-2018-1139)	Nessus	SuSE Local Security Checks	high
117939	Mozilla Thunderbird < 60.2.1 Multiple Vulnerabilities	Nessus	Windows	high
117938	Mozilla Thunderbird < 60.2.1 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	medium
117894	GLSA-201810-01 : Mozilla Firefox: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
117732	EulerOS 2.0 SP3 : firefox (EulerOS-SA-2018-1288)	Nessus	Huawei Local Security Checks	high
117538	Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : firefox regressions (USN-3761-3)	Nessus	Ubuntu Local Security Checks	high
117496	Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : firefox regressions (USN-3761-2)	Nessus	Ubuntu Local Security Checks	high
117486	CentOS 6 : firefox (CESA-2018:2693)	Nessus	CentOS Local Security Checks	high
117485	CentOS 7 : firefox (CESA-2018:2692)	Nessus	CentOS Local Security Checks	high
117474	Scientific Linux Security Update : firefox on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	high
117473	Scientific Linux Security Update : firefox on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
117470	RHEL 6 : firefox (RHSA-2018:2693)	Nessus	Red Hat Local Security Checks	high
117469	RHEL 7 : firefox (RHSA-2018:2692)	Nessus	Red Hat Local Security Checks	high
117466	Oracle Linux 7 : firefox (ELSA-2018-2692)	Nessus	Oracle Linux Local Security Checks	high
117384	openSUSE Security Update : MozillaFirefox (openSUSE-2018-995)	Nessus	SuSE Local Security Checks	high
117368	Debian DSA-4287-1 : firefox-esr - security update	Nessus	Debian Local Security Checks	high
117357	Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : firefox vulnerabilities (USN-3761-1)	Nessus	Ubuntu Local Security Checks	high
117304	FreeBSD : mozilla -- multiple vulnerabilities (c96d416a-eae7-4d5d-bc84-40deca9329fb)	Nessus	FreeBSD Local Security Checks	high
117294	Mozilla Firefox < 62 Multiple Critical Vulnerabilities	Nessus	Windows	high
117293	Mozilla Firefox ESR < 60.2 Multiple Critical Vulnerabilities	Nessus	Windows	high
117292	Mozilla Firefox ESR < 60.2 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
117291	Mozilla Firefox < 62 Multiple Critical Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high