CVE-2018-12405

critical
Description

Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.

References

http://www.securityfocus.com/bid/106168

https://access.redhat.com/errata/RHSA-2018:3831

https://access.redhat.com/errata/RHSA-2018:3833

https://access.redhat.com/errata/RHSA-2019:0159

https://access.redhat.com/errata/RHSA-2019:0160

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1494752%2C1498765%2C1503326%2C1505181%2C1500759%2C1504365%2C1506640%2C1503082%2C1502013%2C1510471

https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html

https://security.gentoo.org/glsa/201903-04

https://usn.ubuntu.com/3844-1/

https://usn.ubuntu.com/3868-1/

https://www.debian.org/security/2018/dsa-4354

https://www.debian.org/security/2019/dsa-4362

https://www.mozilla.org/security/advisories/mfsa2018-29/

https://www.mozilla.org/security/advisories/mfsa2018-30/

https://www.mozilla.org/security/advisories/mfsa2018-31/

Details

Source: MITRE

Published: 2019-02-28

Updated: 2019-03-12

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 127423 | NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0150) | Nessus | NewStart CGSL Local Security Checks | critical |
| 127418 | NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0148) | Nessus | NewStart CGSL Local Security Checks | critical |
| 127315 | NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0093) | Nessus | NewStart CGSL Local Security Checks | critical |
| 127238 | NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0052) | Nessus | NewStart CGSL Local Security Checks | critical |
| 127213 | NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0039) | Nessus | NewStart CGSL Local Security Checks | critical |
| 125498 | EulerOS 2.0 SP3 : firefox (EulerOS-SA-2019-1571) | Nessus | Huawei Local Security Checks | critical |
| 124378 | EulerOS 2.0 SP2 : firefox (EulerOS-SA-2019-1282) | Nessus | Huawei Local Security Checks | critical |
| 123148 | openSUSE Security Update : Mozilla Firefox (openSUSE-2019-1004) | Nessus | SuSE Local Security Checks | critical |
| 122732 | GLSA-201903-04 : Mozilla Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 122674 | Amazon Linux 2 : thunderbird (ALAS-2019-1168) | Nessus | Amazon Linux Local Security Checks | critical |
| 122493 | openSUSE Security Update : MozillaThunderbird (openSUSE-2019-251) | Nessus | SuSE Local Security Checks | critical |
| 122224 | openSUSE Security Update : MozillaThunderbird (openSUSE-2019-182) | Nessus | SuSE Local Security Checks | critical |
| 122192 | Mozilla Firefox < 64.0 | Nessus | MacOS X Local Security Checks | critical |
| 121641 | Mozilla Firefox ESR < 60.4 | Nessus | MacOS X Local Security Checks | critical |
| 700411 | Mozilla Firefox < 64 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | critical |
| 121546 | CentOS 7 : thunderbird (CESA-2019:0160) | Nessus | CentOS Local Security Checks | critical |
| 121545 | CentOS 6 : thunderbird (CESA-2019:0159) | Nessus | CentOS Local Security Checks | critical |
| 121410 | Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20190125) | Nessus | Scientific Linux Local Security Checks | critical |
| 121409 | Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20190125) | Nessus | Scientific Linux Local Security Checks | critical |
| 121408 | Oracle Linux 6 : thunderbird (ELSA-2019-0159) | Nessus | Oracle Linux Local Security Checks | critical |
| 121381 | Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : Thunderbird vulnerabilities (USN-3868-1) | Nessus | Ubuntu Local Security Checks | critical |
| 121380 | RHEL 7 : thunderbird (RHSA-2019:0160) | Nessus | Red Hat Local Security Checks | critical |
| 121379 | RHEL 6 : thunderbird (RHSA-2019:0159) | Nessus | Red Hat Local Security Checks | critical |
| 121378 | Oracle Linux 7 : thunderbird (ELSA-2019-0160) | Nessus | Oracle Linux Local Security Checks | critical |
| 120963 | Debian DSA-4362-1 : thunderbird - security update | Nessus | Debian Local Security Checks | critical |
| 120193 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox, mozilla-nspr / mozilla-nss (SUSE-SU-2018:4235-1) | Nessus | SuSE Local Security Checks | critical |
| 119882 | Scientific Linux Security Update : firefox on SL7.x x86_64 (20181217) | Nessus | Scientific Linux Local Security Checks | critical |
| 119881 | Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20181217) | Nessus | Scientific Linux Local Security Checks | critical |
| 119874 | CentOS 7 : firefox (CESA-2018:3833) | Nessus | CentOS Local Security Checks | critical |
| 119873 | CentOS 6 : firefox (CESA-2018:3831) | Nessus | CentOS Local Security Checks | critical |
| 119871 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr / mozilla-nss (SUSE-SU-2018:4236-1) | Nessus | SuSE Local Security Checks | critical |
| 119756 | Oracle Linux 7 : firefox (ELSA-2018-3833) | Nessus | Oracle Linux Local Security Checks | critical |
| 119755 | Oracle Linux 6 : firefox (ELSA-2018-3831) | Nessus | Oracle Linux Local Security Checks | critical |
| 119735 | RHEL 7 : firefox (RHSA-2018:3833) | Nessus | Red Hat Local Security Checks | critical |
| 119734 | RHEL 6 : firefox (RHSA-2018:3831) | Nessus | Red Hat Local Security Checks | critical |
| 119671 | openSUSE Security Update : Mozilla Firefox (openSUSE-2018-1544) | Nessus | SuSE Local Security Checks | critical |
| 119667 | Debian DLA-1605-1 : firefox-esr security update | Nessus | Debian Local Security Checks | critical |
| 119654 | Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : Firefox vulnerabilities (USN-3844-1) | Nessus | Ubuntu Local Security Checks | critical |
| 119636 | FreeBSD : mozilla -- multiple vulnerabilities (d10b49b2-8d02-49e8-afde-0844626317af) | Nessus | FreeBSD Local Security Checks | critical |
| 119634 | Debian DSA-4354-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | critical |
| 119606 | Mozilla Firefox ESR < 60.4 Multiple Vulnerabilities | Nessus | Windows | critical |
| 119605 | Mozilla Firefox ESR < 60.4 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | critical |
| 119604 | Mozilla Firefox < 64.0 Multiple Vulnerabilities | Nessus | Windows | critical |
| 119603 | Mozilla Firefox < 64.0 Multiple Vulnerabilities (macOS) (deprecated) | Nessus | MacOS X Local Security Checks | critical |