CVE-2018-5187

HIGH

Description

Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.

References

http://www.securityfocus.com/bid/104556

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1461324%2C1414829%2C1395246%2C1467938%2C1461619%2C1425930%2C1438556%2C1454285%2C1459568%2C1463884

https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html

https://security.gentoo.org/glsa/201810-01

https://security.gentoo.org/glsa/201811-13

https://usn.ubuntu.com/3705-1/

https://www.debian.org/security/2018/dsa-4295

https://www.mozilla.org/security/advisories/mfsa2018-15/

https://www.mozilla.org/security/advisories/mfsa2018-16/

https://www.mozilla.org/security/advisories/mfsa2018-19/

Details

Source: MITRE

Published: 2018-10-18

Updated: 2018-12-06

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

ID	Name	Product	Family	Severity
123293	openSUSE Security Update : MozillaThunderbird (openSUSE-2019-680)	Nessus	SuSE Local Security Checks	high
123288	openSUSE Security Update : MozillaThunderbird (openSUSE-2019-664)	Nessus	SuSE Local Security Checks	high
123203	openSUSE Security Update : MozillaFirefox (openSUSE-2019-494)	Nessus	SuSE Local Security Checks	high
119133	GLSA-201811-13 : Mozilla Thunderbird: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
118890	Debian DLA-1575-1 : thunderbird security update	Nessus	Debian Local Security Checks	high
117987	openSUSE Security Update : MozillaThunderbird (openSUSE-2018-1139)	Nessus	SuSE Local Security Checks	high
117894	GLSA-201810-01 : Mozilla Firefox: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
117505	Debian DSA-4295-1 : thunderbird - security update	Nessus	Debian Local Security Checks	high
117383	openSUSE Security Update : MozillaThunderbird (openSUSE-2018-994)	Nessus	SuSE Local Security Checks	high
700341	Mozilla Firefox ESR < 60.1 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
700330	Mozilla Firefox < 61 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
111981	Mozilla Thunderbird < 60.0 Multiple Vulnerabilities	Nessus	Windows	high
111980	Mozilla Thunderbird < 60.0 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
111005	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : firefox regressions (USN-3705-2)	Nessus	Ubuntu Local Security Checks	high
110942	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : firefox vulnerabilities (USN-3705-1)	Nessus	Ubuntu Local Security Checks	high
110811	Mozilla Firefox < 61 Multiple Critical Vulnerabilities	Nessus	Windows	high
110810	Mozilla Firefox ESR < 60.1 Multiple Critical Vulnerabilities	Nessus	Windows	high
110808	Mozilla Firefox ESR < 60.1 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
110806	Mozilla Firefox < 61 Multiple Critical Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
110801	openSUSE Security Update : MozillaFirefox (openSUSE-2018-676)	Nessus	SuSE Local Security Checks	high
110700	FreeBSD : mozilla -- multiple vulnerabilities (cd81806c-26e7-4d4a-8425-02724a2f48af)	Nessus	FreeBSD Local Security Checks	high