CVE-2018-5125

MEDIUM

Description

Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.

References

http://www.securityfocus.com/bid/103388

http://www.securitytracker.com/id/1040514

https://access.redhat.com/errata/RHSA-2018:0526

https://access.redhat.com/errata/RHSA-2018:0527

https://access.redhat.com/errata/RHSA-2018:0647

https://access.redhat.com/errata/RHSA-2018:0648

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520

https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html

https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html

https://security.gentoo.org/glsa/201810-01

https://security.gentoo.org/glsa/201811-13

https://usn.ubuntu.com/3545-1/

https://usn.ubuntu.com/3596-1/

https://usn.ubuntu.com/3688-1/

https://www.debian.org/security/2018/dsa-4139

https://www.debian.org/security/2018/dsa-4155

https://www.mozilla.org/security/advisories/mfsa2018-06/

https://www.mozilla.org/security/advisories/mfsa2018-07/

https://www.mozilla.org/security/advisories/mfsa2018-09/

Details

Source: MITRE

Published: 2018-06-11

Updated: 2019-03-08

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Vulnerable Software

ID	Name	Product	Family	Severity
119133	GLSA-201811-13 : Mozilla Thunderbird: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
117894	GLSA-201810-01 : Mozilla Firefox: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
700335	Mozilla Firefox ESR < 52.7 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
700328	Mozilla Firefox < 59 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
110622	Ubuntu 17.10 / 18.04 LTS : mozjs52 vulnerabilities (USN-3688-1)	Nessus	Ubuntu Local Security Checks	critical
109516	EulerOS 2.0 SP2 : firefox (EulerOS-SA-2018-1118)	Nessus	Huawei Local Security Checks	high
109515	EulerOS 2.0 SP1 : firefox (EulerOS-SA-2018-1117)	Nessus	Huawei Local Security Checks	high
109000	SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2018:0907-1)	Nessus	SuSE Local Security Checks	high
108949	Ubuntu 14.04 LTS / 16.04 LTS : firefox regression (USN-3596-2)	Nessus	Ubuntu Local Security Checks	high
108944	Scientific Linux Security Update : thunderbird on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	high
108943	Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
108938	Oracle Linux 6 : thunderbird (ELSA-2018-0647)	Nessus	Oracle Linux Local Security Checks	high
108899	CentOS 7 : thunderbird (CESA-2018:0648)	Nessus	CentOS Local Security Checks	high
108898	CentOS 6 : thunderbird (CESA-2018:0647)	Nessus	CentOS Local Security Checks	high
108868	RHEL 7 : thunderbird (RHSA-2018:0648)	Nessus	Red Hat Local Security Checks	high
108867	RHEL 6 : thunderbird (RHSA-2018:0647)	Nessus	Red Hat Local Security Checks	high
108862	Oracle Linux 7 : thunderbird (ELSA-2018-0648)	Nessus	Oracle Linux Local Security Checks	high
108751	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : thunderbird vulnerabilities (USN-3545-1)	Nessus	Ubuntu Local Security Checks	high
108749	SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2018:0850-1)	Nessus	SuSE Local Security Checks	high
108727	Debian DLA-1327-1 : thunderbird security update	Nessus	Debian Local Security Checks	high
108697	Debian DSA-4155-1 : thunderbird - security update	Nessus	Debian Local Security Checks	high
108636	openSUSE Security Update : Mozilla Thunderbird (openSUSE-2018-313)	Nessus	SuSE Local Security Checks	high
108399	Scientific Linux Security Update : firefox on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	high
108398	Scientific Linux Security Update : firefox on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
108397	RHEL 7 : firefox (RHSA-2018:0527)	Nessus	Red Hat Local Security Checks	high
108396	RHEL 6 : firefox (RHSA-2018:0526)	Nessus	Red Hat Local Security Checks	high
108394	Oracle Linux 7 : firefox (ELSA-2018-0527)	Nessus	Oracle Linux Local Security Checks	high
108393	Oracle Linux 6 : firefox (ELSA-2018-0526)	Nessus	Oracle Linux Local Security Checks	high
108387	Debian DSA-4139-1 : firefox-esr - security update	Nessus	Debian Local Security Checks	high
108385	Debian DLA-1308-1 : firefox-esr security update	Nessus	Debian Local Security Checks	high
108384	CentOS 7 : firefox (CESA-2018:0527)	Nessus	CentOS Local Security Checks	high
108383	CentOS 6 : firefox (CESA-2018:0526)	Nessus	CentOS Local Security Checks	high
108377	Mozilla Firefox < 59 Multiple Vulnerabilities	Nessus	Windows	high
108376	Mozilla Firefox ESR < 52.7 Multiple Vulnerabilities	Nessus	Windows	high
108375	Mozilla Firefox < 59 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
108374	Mozilla Firefox ESR < 52.7 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
108370	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : firefox vulnerabilities (USN-3596-1)	Nessus	Ubuntu Local Security Checks	high
108356	openSUSE Security Update : MozillaFirefox (openSUSE-2018-255)	Nessus	SuSE Local Security Checks	high
108315	FreeBSD : mozilla -- multiple vulnerabilities (c71cdc95-3c18-45b7-866a-af28b59aabb5)	Nessus	FreeBSD Local Security Checks	high