Vulnerability CVE-2018-5150: Information

Description

Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2018-5150

Published: June 12, 2018

Modified: March 13, 2019

Error type identifier: CWE-119

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
firefox	sisyphus	60.0.1-alt1	125.0.2-alt1	ALT-PU-2018-1787-1	206819	Fixed
firefox	p10	60.0.1-alt1	118.0.2-alt0.p10.1	ALT-PU-2018-1787-1	206819	Fixed
firefox	p9	60.0.1-alt1	105.0.1-alt0.c9.1	ALT-PU-2018-1787-1	206819	Fixed
firefox	p8	60.0.1-alt0.M80P.1	68.0.1-alt0.M80P.1	ALT-PU-2018-1898-1	206884	Fixed
firefox	c10f1	60.0.1-alt1	112.0.2-alt0.p10.1	ALT-PU-2018-1787-1	206819	Fixed
firefox	c9f2	60.0.1-alt1	105.0.1-alt0.c9.1	ALT-PU-2018-1787-1	206819	Fixed
firefox	c7	52.8.0-alt0.M70C.1	60.8.0-alt0.M70C.1	ALT-PU-2018-1799-1	206926	Fixed
firefox-esr	sisyphus	60.0.1-alt1	115.10.0-alt1	ALT-PU-2018-1854-1	207816	Fixed
firefox-esr	p10	60.0.1-alt1	115.10.0-alt1	ALT-PU-2018-1854-1	207816	Fixed
firefox-esr	p9	60.0.1-alt1	102.11.0-alt0.c9.1	ALT-PU-2018-1854-1	207816	Fixed
firefox-esr	p8	52.8.0-alt0.M80P.1	68.4.1-alt0.M80P.1	ALT-PU-2018-1733-1	206096	Fixed
firefox-esr	c10f1	60.0.1-alt1	115.9.1-alt0.c10.1	ALT-PU-2018-1854-1	207816	Fixed
firefox-esr	c9f2	60.0.1-alt1	102.12.0-alt0.c9.1	ALT-PU-2018-1854-1	207816	Fixed
thunderbird	sisyphus	52.8.0-alt1	115.9.0-alt1	ALT-PU-2018-1753-1	206663	Fixed
thunderbird	p10	52.8.0-alt1	115.9.0-alt1	ALT-PU-2018-1753-1	206663	Fixed
thunderbird	p9	52.8.0-alt1	102.11.0-alt0.c9.1	ALT-PU-2018-1753-1	206663	Fixed
thunderbird	p8	52.8.0-alt0.M80P.1	60.8.0-alt0.M80P.1	ALT-PU-2018-1762-1	206669	Fixed
thunderbird	c10f1	52.8.0-alt1	115.9.0-alt0.c10.1	ALT-PU-2018-1753-1	206663	Fixed
thunderbird	c9f2	52.8.0-alt1	102.11.0-alt0.c9.1	ALT-PU-2018-1753-1	206663	Fixed
thunderbird	c7	60.8.0-alt0.M70C.1	60.8.0-alt0.M70C.1	ALT-PU-2019-2345-1	234994	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://www.mozilla.org/security/advisories/mfsa2018-13/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-12/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-11/	Vendor Advisory
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1388020%2C1433609%2C1409440%2C1448705%2C1451376%2C1452202%2C1444668%2C1393367%2C1411415%2C1426129	Issue Tracking Permissions Required Third Party Advisory
DSA-4209	Third Party Advisory
DSA-4199	Third Party Advisory
USN-3660-1	Third Party Advisory
USN-3645-1	Third Party Advisory
[debian-lts-announce] 20180525 [SECURITY] [DLA 1382-1] thunderbird security update	Mailing List Third Party Advisory
[debian-lts-announce] 20180511 [SECURITY] [DLA 1376-1] firefox-esr security update	Mailing List Third Party Advisory
RHSA-2018:1726	Third Party Advisory
RHSA-2018:1725	Third Party Advisory
RHSA-2018:1415	Third Party Advisory
RHSA-2018:1414	Third Party Advisory
1040896	Third Party Advisory VDB Entry
104136	Third Party Advisory VDB Entry
USN-3688-1	Third Party Advisory
GLSA-201810-01	Third Party Advisory
GLSA-201811-13	Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  
  Configuration 2
  cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
  
  Configuration 3
  cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
  End excliding
  60.0
  cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
  End excliding
  52.8.0
  cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
  End excliding
  52.8.0
  cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*
  End excliding
  52.8.0
  
  Configuration 4
  cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Version: v24.4.2

Vulnerability CVE-2018-5150: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2

Configuration 3

Configuration 4