Description

Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

References

http://www.securityfocus.com/bid/102783

http://www.securitytracker.com/id/1040270

https://access.redhat.com/errata/RHSA-2018:0122

https://access.redhat.com/errata/RHSA-2018:0262

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1412420%2C1426783%2C1422389%2C1415598%2C1410134%2C1408017%2C1224396%2C1382366%2C1415582%2C1417797%2C1409951%2C1414452%2C1428589%2C1425780%2C1399520%2C1418854%2C1408276%2C1412145%2C1331209%2C1425612

https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html

https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html

https://usn.ubuntu.com/3544-1/

https://usn.ubuntu.com/3688-1/

https://www.debian.org/security/2018/dsa-4096

https://www.debian.org/security/2018/dsa-4102

https://www.mozilla.org/security/advisories/mfsa2018-02/

https://www.mozilla.org/security/advisories/mfsa2018-03/

https://www.mozilla.org/security/advisories/mfsa2018-04/

Details

Risk Information

CVSS v2

CVSS v3