CVE-2018-5089

HIGH

Description

Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

References

http://www.securityfocus.com/bid/102783

http://www.securitytracker.com/id/1040270

https://access.redhat.com/errata/RHSA-2018:0122

https://access.redhat.com/errata/RHSA-2018:0262

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1412420%2C1426783%2C1422389%2C1415598%2C1410134%2C1408017%2C1224396%2C1382366%2C1415582%2C1417797%2C1409951%2C1414452%2C1428589%2C1425780%2C1399520%2C1418854%2C1408276%2C1412145%2C1331209%2C1425612

https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html

https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html

https://usn.ubuntu.com/3544-1/

https://usn.ubuntu.com/3688-1/

https://www.debian.org/security/2018/dsa-4096

https://www.debian.org/security/2018/dsa-4102

https://www.mozilla.org/security/advisories/mfsa2018-02/

https://www.mozilla.org/security/advisories/mfsa2018-03/

https://www.mozilla.org/security/advisories/mfsa2018-04/

Details

Source: MITRE

Published: 2018-06-11

Updated: 2018-08-03

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

ID	Name	Product	Family	Severity
700334	Mozilla Firefox ESR < 52.6 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
700326	Mozilla Firefox < 58 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	critical
110622	Ubuntu 17.10 / 18.04 LTS : mozjs52 vulnerabilities (USN-3688-1)	Nessus	Ubuntu Local Security Checks	critical
108820	GLSA-201803-14 : Mozilla Thunderbird: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
108519	Mozilla Thunderbird < 52.6 Multiple Vulnerabilities	Nessus	Windows	high
108518	Mozilla Thunderbird < 52.6 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
106884	GLSA-201802-03 : Mozilla Firefox: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
106790	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : firefox regressions (USN-3544-2)	Nessus	Ubuntu Local Security Checks	critical
106772	EulerOS 2.0 SP2 : firefox (EulerOS-SA-2018-1044)	Nessus	Huawei Local Security Checks	high
106771	EulerOS 2.0 SP1 : firefox (EulerOS-SA-2018-1043)	Nessus	Huawei Local Security Checks	high
106654	SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2018:0374-1)	Nessus	SuSE Local Security Checks	high
106617	SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2018:0361-1)	Nessus	SuSE Local Security Checks	high
106575	Scientific Linux Security Update : thunderbird on SL6.x, SL7.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
106573	RHEL 6 / 7 : thunderbird (RHSA-2018:0262)	Nessus	Red Hat Local Security Checks	high
106572	Oracle Linux 6 / 7 : thunderbird (ELSA-2018-0262)	Nessus	Oracle Linux Local Security Checks	high
106567	CentOS 6 / 7 : thunderbird (CESA-2018:0262)	Nessus	CentOS Local Security Checks	high
106509	Debian DSA-4102-1 : thunderbird - security update	Nessus	Debian Local Security Checks	high
106482	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : thunderbird vulnerabilities (USN-3529-1)	Nessus	Ubuntu Local Security Checks	high
106463	Debian DLA-1262-1 : thunderbird security update	Nessus	Debian Local Security Checks	high
106430	openSUSE Security Update : MozillaThunderbird (openSUSE-2018-101)	Nessus	SuSE Local Security Checks	high
106347	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : firefox vulnerabilities (USN-3544-1)	Nessus	Ubuntu Local Security Checks	critical
106337	Scientific Linux Security Update : firefox on SL6.x, SL7.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
106329	RHEL 6 / 7 : firefox (RHSA-2018:0122)	Nessus	Red Hat Local Security Checks	high
106327	Oracle Linux 6 / 7 : firefox (ELSA-2018-0122)	Nessus	Oracle Linux Local Security Checks	high
106324	openSUSE Security Update : MozillaFirefox (openSUSE-2018-85)	Nessus	SuSE Local Security Checks	high
106320	Debian DSA-4096-1 : firefox-esr - security update	Nessus	Debian Local Security Checks	high
106318	Debian DLA-1256-1 : firefox-esr security update	Nessus	Debian Local Security Checks	high
106317	CentOS 6 / 7 : firefox (CESA-2018:0122)	Nessus	CentOS Local Security Checks	high
106303	Mozilla Firefox < 58 Multiple Vulnerabilities	Nessus	Windows	high
106302	Mozilla Firefox ESR < 52.6 Multiple Vulnerabilities	Nessus	Windows	high
106301	Mozilla Firefox < 58 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
106300	Mozilla Firefox ESR < 52.6 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
106288	FreeBSD : mozilla -- multiple vulnerabilities (a891c5b4-3d7a-4de9-9c71-eef3fd698c77)	Nessus	FreeBSD Local Security Checks	critical