CVE-2018-12375
Published: 2018-10-18
Priority: P3 38 high
CVSS 3.0: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS: 1.84% (76.3th percentile)
Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | firefox | < firefox 62.0-1 (sid) | firefox 62.0-1 (sid) |
| mozilla | firefox | < 62.0 | 62.0 |
| mozilla | firefox | >= 0 < 62.0+build2-0ubuntu0.14.04.5 | 62.0+build2-0ubuntu0.14.04.5 |
| mozilla | firefox | >= 0 < 62.0+build2-0ubuntu0.14.04.4 | 62.0+build2-0ubuntu0.14.04.4 |
| mozilla | firefox | >= 0 < 62.0+build2-0ubuntu0.14.04.3 | 62.0+build2-0ubuntu0.14.04.3 |
| mozilla | firefox | >= 0 < 62.0+build2-0ubuntu0.16.04.5 | 62.0+build2-0ubuntu0.16.04.5 |
| mozilla | firefox | >= 0 < 62.0+build2-0ubuntu0.16.04.4 | 62.0+build2-0ubuntu0.16.04.4 |
| mozilla | firefox | >= 0 < 62.0+build2-0ubuntu0.16.04.3 | 62.0+build2-0ubuntu0.16.04.3 |
| mozilla | firefox | >= 0 < 62.0+build2-0ubuntu0.18.04.5 | 62.0+build2-0ubuntu0.18.04.5 |
| mozilla | firefox | >= 0 < 62.0+build2-0ubuntu0.18.04.4 | 62.0+build2-0ubuntu0.18.04.4 |
| mozilla | firefox | >= 0 < 62.0+build2-0ubuntu0.18.04.3 | 62.0+build2-0ubuntu0.18.04.3 |
| mozilla | firefox | >= unspecified < 62 | 62 |
CVSS provenance
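| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 8.8 | HIGH | — |
| vendor_debian | — | 8.8 | HIGH | — |
| vendor_redhat | — | 8.8 | HIGH | — |
| vendor_ubuntu | — | 8.8 | HIGH | — |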
GHSA
GHSA-673x-h77f-ggvc: Memory safety bugs present in Firefox 61
ghsa_unreviewed·2022-05-14
CVE-2018-12375 [HIGH] CWE-119 GHSA-673x-h77f-ggvc: Memory safety bugs present in Firefox 61
Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62.
OSV
firefox regressions
osv·2018-09-17·CVSS 8.8
[HIGH] firefox regressions
firefox regressions
USN-3761-1 fixed vulnerabilities in Firefox. The update caused several
regressions affecting spellchecker dictionaries and search engines, which
were partially fixed by USN-3761-2. This update contains the remaining fix.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, or execute
arbitrary code. (CVE-2018-12375, CVE-2018-12376, CVE-2018-12377,
CVE-2018-12378)
It was discovered that if a user saved passwords before Firefox 58 and
then later set a primary password, an unencrypted copy of these passwords
would still be accessible. A local user could exploit this to
OSV
firefox regressions
osv·2018-09-13·CVSS 8.8
CVE-2018-12375 [HIGH] firefox regressions
firefox regressions
USN-3761-1 fixed vulnerabilities in Firefox. The update caused several
regressions affecting spellchecker dictionaries and search engines. This
update fixes the problems.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, or execute
arbitrary code. (CVE-2018-12375, CVE-2018-12376, CVE-2018-12377,
CVE-2018-12378)
It was discovered that if a user saved passwords before Firefox 58 and
then later set a master password, an unencrypted copy of these passwords
would still be accessible. A local user could exploit this to obtain
sensitive information. (CVE-2018-12383)
OSV
CVE-2018-12375: Memory safety bugs present in Firefox 61
osv·2018-09-06·CVSS 8.8
CVE-2018-12375 [HIGH] CVE-2018-12375: Memory safety bugs present in Firefox 61
Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62.
OSV
firefox vulnerabilities
osv·2018-09-06·CVSS 8.8
CVE-2018-12375 [HIGH] firefox vulnerabilities
firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, or execute
arbitrary code. (CVE-2018-12375, CVE-2018-12376, CVE-2018-12377,
CVE-2018-12378)
It was discovered that if a user saved passwords before Firefox 58 and
then later set a primary password, an unencrypted copy of these passwords
would still be accessible. A local user could exploit this to obtain
sensitive information. (CVE-2018-12383)
Ubuntu
Firefox regressions
vendor_ubuntu·2018-09-17·CVSS 8.8
[HIGH] Firefox regressions
Title: Firefox regressions
Summary: USN-3761-1 caused several regressions in Firefox.
USN-3761-1 fixed vulnerabilities in Firefox. The update caused several
regressions affecting spellchecker dictionaries and search engines, which
were partially fixed by USN-3761-2. This update contains the remaining fix.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, or execute
arbitrary code. (CVE-2018-12375, CVE-2018-12376, CVE-2018-12377,
CVE-2018-12378)
It was discovered that if a user saved passwords before Firefox 58 and
then later set a primary password, an unencrypted copy of these pass
Ubuntu
Firefox regressions
vendor_ubuntu·2018-09-13·CVSS 8.8
[HIGH] Firefox regressions
Title: Firefox regressions
Summary: USN-3761-1 caused several regressions in Firefox.
USN-3761-1 fixed vulnerabilities in Firefox. The update caused several
regressions affecting spellchecker dictionaries and search engines. This
update fixes the problems.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, or execute
arbitrary code. (CVE-2018-12375, CVE-2018-12376, CVE-2018-12377,
CVE-2018-12378)
It was discovered that if a user saved passwords before Firefox 58 and
then later set a master password, an unencrypted copy of these passwords
would still be accessible. A local user could
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2018-09-06·CVSS 8.8
CVE-2018-12375 [HIGH] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, or execute
arbitrary code. (CVE-2018-12375, CVE-2018-12376, CVE-2018-12377,
CVE-2018-12378)
It was discovered that if a user saved passwords before Firefox 58 and
then later set a primary password, an unencrypted copy of these passwords
would still be accessible. A local user could exploit this to obtain
sensitive information. (CVE-2018-12383)
Instructions: After a standard system update you need to restart Firefox to make
all the necessary changes.
Red Hat
Mozilla: Memory safety bugs fixed in Firefox 62
vendor_redhat·2018-09-05·CVSS 8.8
CVE-2018-12375 [HIGH] CWE-120 Mozilla: Memory safety bugs fixed in Firefox 62
Mozilla: Memory safety bugs fixed in Firefox 62
Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62.
Package: firefox (Red Hat Enterprise Linux 6) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 6) - Not affected
Package: firefox (Red Hat Enterprise Linux 7) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2018-12375: firefox - Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of ...
vendor_debian·2018·CVSS 8.8
CVE-2018-12375 [HIGH] CVE-2018-12375: firefox - Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of ...
Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62.
Scope: local
sid: resolved (fixed in 62.0-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-12375 Mozilla: Memory safety bugs fixed in Firefox 62
bugzilla·2018-09-05·CVSS 8.8
CVE-2018-12375 [HIGH] CVE-2018-12375 Mozilla: Memory safety bugs fixed in Firefox 62
CVE-2018-12375 Mozilla: Memory safety bugs fixed in Firefox 62
Mozilla developers and community members reported memory safety bugs present in Firefox 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12375
Discussion:
Acknowledgments:
Name: the Mozilla project
Upstream: Christian Holler, Jesse Ruderman, Sebastian Hengst, Nicolas Grunbaum, Gary Kwong
Bugzilla
CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380 clamav: Multiple vulnerabilities fixed in 0.99.3
bugzilla·2018-01-29·CVSS 7.5
CVE-2017-12374 [HIGH] CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380 clamav: Multiple vulnerabilities fixed in 0.99.3
CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380 clamav: Multiple vulnerabilities fixed in 0.99.3
Multiple security bugs fixed in clamav 0.99.3.
References:
http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
Discussion:
Created clamav tracking bugs for this issue:
Affects: epel-all [bug 1539864]
Affects: fedora-all [bug 1539865]
---
Can we close this bug, since clamav 0.99.4 is already available in all branches?
---
(In reply to Sergio Monteiro Basto from comment #2)
> Can we close this bug, since clamav 0.99.4 is already available in all
> branches?
Yes, closing.
http://www.securityfocus.com/bid/105276
http://www.securitytracker.com/id/1041610
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1478849%2C1433502%2C1480965%2C894215%2C1462693%2C1475431%2C1461027
https://usn.ubuntu.com/3761-1/
https://www.mozilla.org/security/advisories/mfsa2018-20/