CVE-2018-5125

high

Description

Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.

References

http://www.securityfocus.com/bid/103388

http://www.securitytracker.com/id/1040514

https://access.redhat.com/errata/RHSA-2018:0526

https://access.redhat.com/errata/RHSA-2018:0527

https://access.redhat.com/errata/RHSA-2018:0647

https://access.redhat.com/errata/RHSA-2018:0648

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520

https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html

https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html

https://security.gentoo.org/glsa/201810-01

https://security.gentoo.org/glsa/201811-13

https://usn.ubuntu.com/3545-1/

https://usn.ubuntu.com/3596-1/

https://usn.ubuntu.com/3688-1/

https://www.debian.org/security/2018/dsa-4139

https://www.debian.org/security/2018/dsa-4155

https://www.mozilla.org/security/advisories/mfsa2018-06/

https://www.mozilla.org/security/advisories/mfsa2018-07/

https://www.mozilla.org/security/advisories/mfsa2018-09/

Details

Source: MITRE

Published: 2018-06-11

Updated: 2019-03-08

Type: CWE-119

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH