Vulnerability CVE-2018-12376: Information

Description

Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2018-12376
Published: Oct. 18, 2018
Modified: Dec. 6, 2018
Error type identifier: CWE-119

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
firefoxsisyphus62.0.3-alt1126.0-alt1ALT-PU-2018-2423-1214118Fixed
firefoxp1062.0.3-alt1118.0.2-alt0.p10.1ALT-PU-2018-2423-1214118Fixed
firefoxp962.0.3-alt1105.0.1-alt0.c9.1ALT-PU-2018-2423-1214118Fixed
firefoxp862.0.3-alt0.M80P.168.0.1-alt0.M80P.1ALT-PU-2018-2479-1214248Fixed
firefoxc10f162.0.3-alt1112.0.2-alt0.p10.1ALT-PU-2018-2423-1214118Fixed
firefoxc9f262.0.3-alt1105.0.1-alt0.c9.1ALT-PU-2018-2423-1214118Fixed
firefoxc760.6.1-alt0.M70C.160.8.0-alt0.M70C.1ALT-PU-2019-1726-1218597Fixed
firefox-esrsisyphus60.2.0-alt1115.10.0-alt1ALT-PU-2018-2304-1212803Fixed
firefox-esrp1060.2.0-alt1115.10.0-alt1ALT-PU-2018-2304-1212803Fixed
firefox-esrp968.0.2-alt1102.11.0-alt0.c9.1ALT-PU-2019-2486-1235108Fixed
firefox-esrp860.2.0-alt0.M80P.168.4.1-alt0.M80P.1ALT-PU-2018-2343-1212912Fixed
firefox-esrc10f160.2.0-alt1115.9.1-alt0.c10.1ALT-PU-2018-2304-1212803Fixed
firefox-esrc9f268.0.2-alt1102.12.0-alt0.c9.1ALT-PU-2019-2486-1235108Fixed
thunderbirdsisyphus60.3.0-alt1115.9.0-alt1ALT-PU-2018-2669-1210777Fixed
thunderbirdp1060.3.0-alt1115.9.0-alt1ALT-PU-2018-2669-1210777Fixed
thunderbirdp960.3.0-alt1102.11.0-alt0.c9.1ALT-PU-2018-2669-1210777Fixed
thunderbirdp860.7.2-alt0.M80P.160.8.0-alt0.M80P.1ALT-PU-2019-2196-1216874Fixed
thunderbirdc10f160.3.0-alt1115.9.0-alt0.c10.1ALT-PU-2018-2669-1210777Fixed
thunderbirdc9f260.3.0-alt1102.11.0-alt0.c9.1ALT-PU-2018-2669-1210777Fixed
thunderbirdc760.8.0-alt0.M70C.160.8.0-alt0.M70C.1ALT-PU-2019-2345-1234994Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.mozilla.org/security/advisories/mfsa2018-25/
  • Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-21/
  • Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-20/
  • Vendor Advisory
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1469309%2C1469914%2C1450989%2C1480092%2C1480517%2C1481093%2C1478575%2C1471953%2C1473161%2C1466991%2C1468738%2C1483120%2C1467363%2C1472925%2C1466577%2C1467889%2C1480521%2C1478849
  • Issue Tracking
  • Third Party Advisory
DSA-4287
  • Third Party Advisory
USN-3793-1
  • Third Party Advisory
USN-3761-1
  • Third Party Advisory
RHSA-2018:2693
  • Third Party Advisory
RHSA-2018:2692
  • Third Party Advisory
1041610
  • Third Party Advisory
  • VDB Entry
105280
  • Third Party Advisory
  • VDB Entry
GLSA-201810-01
  • Third Party Advisory
DSA-4327
  • Third Party Advisory
RHSA-2018:3403
  • Third Party Advisory
RHSA-2018:3458
  • Third Party Advisory
[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update
  • Mailing List
  • Third Party Advisory
GLSA-201811-13
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

      Configuration 2

      cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
      cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
      cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
      cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

      Configuration 4

      cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
      End excliding
      62.0
      cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
      End excliding
      60.2.0
      cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
      End excliding
      60.2.1
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.1
Back to top