CVE-2018-5150 Information

Description

Memory safety bugs were reported in Firefox 59 Firefox ESR 52.7 and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird 52.8 Thunderbird ESR 52.8 Firefox 60 and Firefox ESR 52.8.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/104136 http://www.securitytracker.com/id/1040896 https://access.redhat.com/errata/RHSA-2018:1414 https://access.redhat.com/errata/RHSA-2018:1415 https://access.redhat.com/errata/RHSA-2018:1725 https://access.redhat.com/errata/RHSA-2018:1726 https://bugzilla.mozilla.org/buglist.cgi?bug_id=13880202C14336092C14094402C14487052C14513762C14522022C14446682C13933672C14114152C1426129 https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html https://security.gentoo.org/glsa/201810-01 https://security.gentoo.org/glsa/201811-13 https://usn.ubuntu.com/3645-1/ https://usn.ubuntu.com/3660-1/ https://usn.ubuntu.com/3688-1/ https://www.debian.org/security/2018/dsa-4199 https://www.debian.org/security/2018/dsa-4209 https://www.mozilla.org/security/advisories/mfsa2018-11/ https://www.mozilla.org/security/advisories/mfsa2018-12/ https://www.mozilla.org/security/advisories/mfsa2018-13/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8