CVE-2018-12389

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.3 and Thunderbird < 60.3.

References

http://www.securityfocus.com/bid/105723

http://www.securityfocus.com/bid/105769

http://www.securitytracker.com/id/1041944

https://access.redhat.com/errata/RHSA-2018:3005

https://access.redhat.com/errata/RHSA-2018:3006

https://access.redhat.com/errata/RHSA-2018:3531

https://access.redhat.com/errata/RHSA-2018:3532

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1498460%2C1499198

https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html

https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html

https://security.gentoo.org/glsa/201811-04

https://security.gentoo.org/glsa/201811-13

https://usn.ubuntu.com/3868-1/

https://www.debian.org/security/2018/dsa-4324

https://www.debian.org/security/2018/dsa-4337

https://www.mozilla.org/security/advisories/mfsa2018-27/

https://www.mozilla.org/security/advisories/mfsa2018-28/

Details

Source: MITRE

Published: 2019-02-28

Updated: 2019-03-01

Type: CWE-119

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

View all (41 total)

IDNameProductFamilySeverity
127413NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0145)NessusNewStart CGSL Local Security Checks
critical
127404NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0141)NessusNewStart CGSL Local Security Checks
critical
127208NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0037)NessusNewStart CGSL Local Security Checks
critical
127198NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0032)NessusNewStart CGSL Local Security Checks
critical
123356openSUSE Security Update : Mozilla Firefox (openSUSE-2019-855)NessusSuSE Local Security Checks
critical
123332openSUSE Security Update : MozillaThunderbird (openSUSE-2019-772)NessusSuSE Local Security Checks
high
122158Amazon Linux 2 : thunderbird (ALAS-2019-1157)NessusAmazon Linux Local Security Checks
critical
121381Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : Thunderbird vulnerabilities (USN-3868-1)NessusUbuntu Local Security Checks
critical
120158SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2018:3656-1)NessusSuSE Local Security Checks
critical
119903EulerOS 2.0 SP2 : firefox (EulerOS-SA-2018-1414)NessusHuawei Local Security Checks
critical
119564EulerOS 2.0 SP3 : firefox (EulerOS-SA-2018-1384)NessusHuawei Local Security Checks
critical
119553SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2018:3749-2)NessusSuSE Local Security Checks
critical
119210Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20181109)NessusScientific Linux Local Security Checks
critical
119133GLSA-201811-13 : Mozilla Thunderbird: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
119111Oracle Linux 6 : thunderbird (ELSA-2018-3531)NessusOracle Linux Local Security Checks
critical
119051CentOS 7 : thunderbird (CESA-2018:3532)NessusCentOS Local Security Checks
critical
119050CentOS 6 : thunderbird (CESA-2018:3531)NessusCentOS Local Security Checks
critical
118953SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2018:3749-1)NessusSuSE Local Security Checks
critical
118894Debian DSA-4337-1 : thunderbird - security updateNessusDebian Local Security Checks
critical
118890Debian DLA-1575-1 : thunderbird security updateNessusDebian Local Security Checks
critical
118866Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20181109)NessusScientific Linux Local Security Checks
critical
118863RHEL 7 : thunderbird (RHSA-2018:3532)NessusRed Hat Local Security Checks
critical
118862RHEL 6 : thunderbird (RHSA-2018:3531)NessusRed Hat Local Security Checks
critical
118860Oracle Linux 7 : thunderbird (ELSA-2018-3532)NessusOracle Linux Local Security Checks
critical
118848GLSA-201811-04 : Mozilla Firefox: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
118817openSUSE Security Update : MozillaThunderbird (openSUSE-2018-1340)NessusSuSE Local Security Checks
critical
118808Debian DLA-1571-1 : firefox-esr security updateNessusDebian Local Security Checks
critical
118709Oracle Linux 6 : firefox (ELSA-2018-3006)NessusOracle Linux Local Security Checks
critical
118593Mozilla Thunderbird < 60.3 Multiple VulnerabilitiesNessusWindows
high
118592Mozilla Thunderbird < 60.3 Multiple Vulnerabilities (macOS)NessusMacOS X Local Security Checks
high
118444openSUSE Security Update : Mozilla Firefox (openSUSE-2018-1268)NessusSuSE Local Security Checks
critical
118443Scientific Linux Security Update : firefox on SL7.x x86_64 (20181025)NessusScientific Linux Local Security Checks
critical
118442Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20181025)NessusScientific Linux Local Security Checks
critical
118406CentOS 6 : firefox (CESA-2018:3006)NessusCentOS Local Security Checks
critical
118405CentOS 7 : firefox (CESA-2018:3005)NessusCentOS Local Security Checks
critical
118395Mozilla Firefox ESR < 60.3 Multiple VulnerabilitiesNessusWindows
high
118394Mozilla Firefox ESR < 60.3 Multiple Vulnerabilities (macOS)NessusMacOS X Local Security Checks
high
118375RHEL 6 : firefox (RHSA-2018:3006)NessusRed Hat Local Security Checks
critical
118374RHEL 7 : firefox (RHSA-2018:3005)NessusRed Hat Local Security Checks
critical
118368Oracle Linux 7 : firefox (ELSA-2018-3005)NessusOracle Linux Local Security Checks
critical
118365Debian DSA-4324-1 : firefox-esr - security updateNessusDebian Local Security Checks
critical