CVE-2018-12375Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-120Classic Buffer Overflow13 documents7 sources
Severity
8.8HIGHNVD
EPSS
0.5%
top 33.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxDebian FirefoxCanonical Ubuntu Linux
Timeline
PublishedOct 18
Latest updateMay 14

Description

Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

debiandebian/firefox< firefox 62.0-1 (sid)
CVEListV5mozilla/firefoxunspecified62
NVDmozilla/firefox< 62.0
Ubuntumozilla/firefox< 62.0+build2-0ubuntu0.14.04.5+8

Also affects: Ubuntu Linux 14.04, 16.04, 18.04

🔴Vulnerability Details

5
GHSA
GHSA-673x-h77f-ggvc: Memory safety bugs present in Firefox 612022-05-14
OSV
firefox regressions2018-09-17
OSV
firefox regressions2018-09-13
OSV
CVE-2018-12375: Memory safety bugs present in Firefox 612018-09-06
OSV
firefox vulnerabilities2018-09-06

📋Vendor Advisories

5
Ubuntu
Firefox regressions2018-09-17
Ubuntu
Firefox regressions2018-09-13
Ubuntu
Firefox vulnerabilities2018-09-06
Red Hat
Mozilla: Memory safety bugs fixed in Firefox 622018-09-05
Debian
CVE-2018-12375: firefox - Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of ...2018

💬Community

2
Bugzilla
CVE-2018-12375 Mozilla: Memory safety bugs fixed in Firefox 622018-09-05
Bugzilla
CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380 clamav: Multiple vulnerabilities fixed in 0.99.32018-01-29