CVE-2018-18500

CRITICAL

Description

A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.

References

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html

http://www.securityfocus.com/bid/106781

https://access.redhat.com/errata/RHSA-2019:0218

https://access.redhat.com/errata/RHSA-2019:0219

https://access.redhat.com/errata/RHSA-2019:0269

https://access.redhat.com/errata/RHSA-2019:0270

https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html

https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html

https://security.gentoo.org/glsa/201903-04

https://security.gentoo.org/glsa/201904-07

https://usn.ubuntu.com/3874-1/

https://usn.ubuntu.com/3897-1/

https://www.debian.org/security/2019/dsa-4376

https://www.debian.org/security/2019/dsa-4392

https://www.mozilla.org/security/advisories/mfsa2019-01/

https://www.mozilla.org/security/advisories/mfsa2019-02/

https://www.mozilla.org/security/advisories/mfsa2019-03/

Details

Source: MITRE

Published: 2019-02-05

Updated: 2019-04-02

Type: CWE-416

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

ID | Name | Product | Family | Severity
127434 | NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0156) | Nessus | NewStart CGSL Local Security Checks | critical
127418 | NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0148) | Nessus | NewStart CGSL Local Security Checks | critical
127315 | NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0093) | Nessus | NewStart CGSL Local Security Checks | critical
127308 | NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2019-0090) | Nessus | NewStart CGSL Local Security Checks | critical
127239 | NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0053) | Nessus | NewStart CGSL Local Security Checks | critical
127238 | NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0052) | Nessus | NewStart CGSL Local Security Checks | critical
126898 | openSUSE Security Update : MozillaFirefox (openSUSE-2019-1758) | Nessus | SuSE Local Security Checks | critical
123581 | GLSA-201904-07 : Mozilla Thunderbird and Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical
122732 | GLSA-201903-04 : Mozilla Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical
122493 | openSUSE Security Update : MozillaThunderbird (openSUSE-2019-251) | Nessus | SuSE Local Security Checks | critical
122482 | Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : Thunderbird vulnerabilities (USN-3897-1) | Nessus | Ubuntu Local Security Checks | critical
122269 | Debian DSA-4392-1 : thunderbird - security update | Nessus | Debian Local Security Checks | critical
122263 | Debian DLA-1678-1 : thunderbird security update | Nessus | Debian Local Security Checks | critical
122224 | openSUSE Security Update : MozillaThunderbird (openSUSE-2019-182) | Nessus | SuSE Local Security Checks | critical
122148 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:0336-1) | Nessus | SuSE Local Security Checks | critical
122065 | CentOS 7 : thunderbird (CESA-2019:0270) | Nessus | CentOS Local Security Checks | critical
122064 | CentOS 6 : thunderbird (CESA-2019:0269) | Nessus | CentOS Local Security Checks | critical
121638 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2019:0273-1) | Nessus | SuSE Local Security Checks | critical
121631 | Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20190204) | Nessus | Scientific Linux Local Security Checks | critical
121607 | Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20190204) | Nessus | Scientific Linux Local Security Checks | critical
121600 | Mozilla Thunderbird < 60.5 | Nessus | Windows | critical
121599 | Mozilla Thunderbird < 60.5 | Nessus | MacOS X Local Security Checks | critical
121591 | openSUSE Security Update : MozillaFirefox (openSUSE-2019-133) | Nessus | SuSE Local Security Checks | critical
121590 | openSUSE Security Update : MozillaFirefox (openSUSE-2019-132) | Nessus | SuSE Local Security Checks | critical
121586 | RHEL 7 : thunderbird (RHSA-2019:0270) | Nessus | Red Hat Local Security Checks | critical
121585 | RHEL 6 : thunderbird (RHSA-2019:0269) | Nessus | Red Hat Local Security Checks | critical
121584 | Oracle Linux 7 : thunderbird (ELSA-2019-0270) | Nessus | Oracle Linux Local Security Checks | critical
121583 | Oracle Linux 6 : thunderbird (ELSA-2019-0269) | Nessus | Oracle Linux Local Security Checks | critical
121551 | CentOS 7 : firefox (CESA-2019:0219) | Nessus | CentOS Local Security Checks | critical
121550 | CentOS 6 : firefox (CESA-2019:0218) | Nessus | CentOS Local Security Checks | critical
700399 | Mozilla Firefox < 65.0 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | critical
121512 | Mozilla Firefox < 65.0 | Nessus | Windows | critical
121511 | Mozilla Firefox < 65.0 | Nessus | MacOS X Local Security Checks | critical
121507 | Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : Firefox vulnerabilities (USN-3874-1) | Nessus | Ubuntu Local Security Checks | critical
121504 | Scientific Linux Security Update : firefox on SL7.x x86_64 (20190130) | Nessus | Scientific Linux Local Security Checks | critical
121503 | Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20190130) | Nessus | Scientific Linux Local Security Checks | critical
121502 | RHEL 7 : firefox (RHSA-2019:0219) | Nessus | Red Hat Local Security Checks | critical
121501 | RHEL 6 : firefox (RHSA-2019:0218) | Nessus | Red Hat Local Security Checks | critical
121500 | Oracle Linux 7 : firefox (ELSA-2019-0219) | Nessus | Oracle Linux Local Security Checks | critical
121499 | Oracle Linux 6 : firefox (ELSA-2019-0218) | Nessus | Oracle Linux Local Security Checks | critical
121484 | Debian DSA-4376-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | critical
121480 | Debian DLA-1648-1 : firefox-esr security update | Nessus | Debian Local Security Checks | critical
121477 | Mozilla Firefox ESR < 60.5 | Nessus | Windows | critical
121476 | Mozilla Firefox ESR < 60.5 | Nessus | MacOS X Local Security Checks | critical
121447 | FreeBSD : mozilla -- multiple vulnerabilities (b1f7d52f-fc42-48e8-8403-87d4c9d26229) | Nessus | FreeBSD Local Security Checks | critical