CVE-2018-12376

HIGH

Description

Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.

References

http://www.securityfocus.com/bid/105280

http://www.securitytracker.com/id/1041610

https://access.redhat.com/errata/RHSA-2018:2692

https://access.redhat.com/errata/RHSA-2018:2693

https://access.redhat.com/errata/RHSA-2018:3403

https://access.redhat.com/errata/RHSA-2018:3458

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1469309%2C1469914%2C1450989%2C1480092%2C1480517%2C1481093%2C1478575%2C1471953%2C1473161%2C1466991%2C1468738%2C1483120%2C1467363%2C1472925%2C1466577%2C1467889%2C1480521%2C1478849

https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html

https://security.gentoo.org/glsa/201810-01

https://security.gentoo.org/glsa/201811-13

https://usn.ubuntu.com/3761-1/

https://usn.ubuntu.com/3793-1/

https://www.debian.org/security/2018/dsa-4287

https://www.debian.org/security/2018/dsa-4327

https://www.mozilla.org/security/advisories/mfsa2018-20/

https://www.mozilla.org/security/advisories/mfsa2018-21/

https://www.mozilla.org/security/advisories/mfsa2018-25/

Details

Source: MITRE

Published: 2018-10-18

Updated: 2018-12-06

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Configuration 4

OR

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Tenable Plugins

View all (45 total)

IDNameProductFamilySeverity
127413NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0145)NessusNewStart CGSL Local Security Checks
high
127404NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0141)NessusNewStart CGSL Local Security Checks
high
127208NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0037)NessusNewStart CGSL Local Security Checks
high
127198NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0032)NessusNewStart CGSL Local Security Checks
high
123293openSUSE Security Update : MozillaThunderbird (openSUSE-2019-680)NessusSuSE Local Security Checks
high
123292openSUSE Security Update : MozillaFirefox (openSUSE-2019-676)NessusSuSE Local Security Checks
high
700407Mozilla Firefox < 62.0 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
121478Mozilla Thunderbird < 60.2.1NessusMacOS X Local Security Checks
high
120110SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2018:2890-1)NessusSuSE Local Security Checks
high
119748Mozilla Firefox < 62 Multiple Vulnerabilities (macOS)NessusMacOS X Local Security Checks
high
119451SUSE SLED12 / SLES12 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss (SUSE-SU-2018:3591-2)NessusSuSE Local Security Checks
high
119208Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20181105)NessusScientific Linux Local Security Checks
high
119133GLSA-201811-13 : Mozilla Thunderbird: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
118890Debian DLA-1575-1 : thunderbird security updateNessusDebian Local Security Checks
high
118837CentOS 6 : thunderbird (CESA-2018:3403)NessusCentOS Local Security Checks
high
118813Oracle Linux 7 : thunderbird (ELSA-2018-3458)NessusOracle Linux Local Security Checks
high
118744RHEL 7 : thunderbird (RHSA-2018:3458)NessusRed Hat Local Security Checks
high
118742EulerOS 2.0 SP2 : firefox (EulerOS-SA-2018-1359)NessusHuawei Local Security Checks
high
118590SUSE SLED12 / SLES12 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss (SUSE-SU-2018:3591-1)NessusSuSE Local Security Checks
high
118585Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20181031)NessusScientific Linux Local Security Checks
high
118552RHEL 6 : thunderbird (RHSA-2018:3403)NessusRed Hat Local Security Checks
high
118473Debian DSA-4327-1 : thunderbird - security updateNessusDebian Local Security Checks
high
118144Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Thunderbird vulnerabilities (USN-3793-1)NessusUbuntu Local Security Checks
high
117987openSUSE Security Update : MozillaThunderbird (openSUSE-2018-1139)NessusSuSE Local Security Checks
high
117939Mozilla Thunderbird < 60.2.1 Multiple VulnerabilitiesNessusWindows
high
117938Mozilla Thunderbird < 60.2.1 Multiple Vulnerabilities (macOS)NessusMacOS X Local Security Checks
high
117894GLSA-201810-01 : Mozilla Firefox: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
117732EulerOS 2.0 SP3 : firefox (EulerOS-SA-2018-1288)NessusHuawei Local Security Checks
high
117538Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : firefox regressions (USN-3761-3)NessusUbuntu Local Security Checks
high
117496Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Firefox regressions (USN-3761-2)NessusUbuntu Local Security Checks
high
117486CentOS 6 : firefox (CESA-2018:2693)NessusCentOS Local Security Checks
high
117485CentOS 7 : firefox (CESA-2018:2692)NessusCentOS Local Security Checks
high
117474Scientific Linux Security Update : firefox on SL7.x x86_64 (20180912)NessusScientific Linux Local Security Checks
high
117473Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20180912)NessusScientific Linux Local Security Checks
high
117470RHEL 6 : firefox (RHSA-2018:2693)NessusRed Hat Local Security Checks
high
117469RHEL 7 : firefox (RHSA-2018:2692)NessusRed Hat Local Security Checks
high
117466Oracle Linux 7 : firefox (ELSA-2018-2692)NessusOracle Linux Local Security Checks
high
117384openSUSE Security Update : MozillaFirefox (openSUSE-2018-995)NessusSuSE Local Security Checks
high
117368Debian DSA-4287-1 : firefox-esr - security updateNessusDebian Local Security Checks
high
117357Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : firefox vulnerabilities (USN-3761-1)NessusUbuntu Local Security Checks
high
117304FreeBSD : mozilla -- multiple vulnerabilities (c96d416a-eae7-4d5d-bc84-40deca9329fb)NessusFreeBSD Local Security Checks
high
117294Mozilla Firefox < 62 Multiple Critical VulnerabilitiesNessusWindows
high
117293Mozilla Firefox ESR < 60.2 Multiple Critical VulnerabilitiesNessusWindows
high
117292Mozilla Firefox ESR < 60.2 Multiple Vulnerabilities (macOS)NessusMacOS X Local Security Checks
high
117291Mozilla Firefox < 62 Multiple Critical Vulnerabilities (macOS)NessusMacOS X Local Security Checks
high