Vulnerability CVE-2018-12379: Information
Description
When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Fixed packages
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://www.mozilla.org/security/advisories/mfsa2018-25/ |
|
https://www.mozilla.org/security/advisories/mfsa2018-21/ |
|
https://www.mozilla.org/security/advisories/mfsa2018-20/ |
|
https://bugzilla.mozilla.org/show_bug.cgi?id=1473113 |
|
RHSA-2018:2693 |
|
RHSA-2018:2692 |
|
1041610 |
|
105280 |
|
GLSA-201810-01 |
|
DSA-4327 |
|
RHSA-2018:3403 |
|
RHSA-2018:3458 |
|
[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update |
|
GLSA-201811-13 |
|