[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

111666

 
 

909

 
 

87321

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2018-5150Date: (C)2018-06-12   (M)2018-08-07


Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 9.8CVSS Score : 7.5
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 5.9Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: HIGHAvailability: PARTIAL
Integrity: HIGH 
Availability: HIGH 
  
Reference:
SECTRACK-1040896
BID-104136
DSA-4199
DSA-4209
RHSA-2018:1414
RHSA-2018:1415
RHSA-2018:1725
RHSA-2018:1726
USN-3645-1
USN-3660-1
USN-3688-1
https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html
https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1388020%2C1433609%2C1409440%2C1448705%2C1451376%2C1452202%2C1444668%2C1393367%2C1411415%2C1426129
https://www.mozilla.org/security/advisories/mfsa2018-11/
https://www.mozilla.org/security/advisories/mfsa2018-12/
https://www.mozilla.org/security/advisories/mfsa2018-13/

CPE    513
cpe:/a:mozilla:thunderbird_esr:10.0
cpe:/a:mozilla:thunderbird_esr:10.0.1
cpe:/a:mozilla:thunderbird_esr:10.0.2
cpe:/a:mozilla:thunderbird_esr:10.0.3
...
CWE    1
CWE-119
OVAL    27
oval:org.secpod.oval:def:502293
oval:org.secpod.oval:def:1800980
oval:org.secpod.oval:def:704095
oval:org.secpod.oval:def:502289
...

© SecPod Technologies