cbcvebase.
CVE-2018-12376
published 2018-10-18

CVE-2018-12376: Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort…

critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.

Affected

40 ranges· showing 25
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
debiandebian_linux
debiandebian_linux
debianfirefox< firefox 62.0-1 (sid)firefox 62.0-1 (sid)
debianfirefox-esr< firefox 62.0-1 (sid)firefox 62.0-1 (sid)
debianthunderbird< firefox 62.0-1 (sid)firefox 62.0-1 (sid)
mozillafirefox< 60.2.060.2.0
mozillafirefox< 62.062.0
mozillafirefox>= 0 < 62.0+build2-0ubuntu0.14.04.562.0+build2-0ubuntu0.14.04.5
mozillafirefox>= 0 < 62.0+build2-0ubuntu0.14.04.462.0+build2-0ubuntu0.14.04.4
mozillafirefox>= 0 < 62.0+build2-0ubuntu0.14.04.362.0+build2-0ubuntu0.14.04.3
mozillafirefox>= 0 < 62.0+build2-0ubuntu0.16.04.562.0+build2-0ubuntu0.16.04.5
mozillafirefox>= 0 < 62.0+build2-0ubuntu0.16.04.462.0+build2-0ubuntu0.16.04.4
mozillafirefox>= 0 < 62.0+build2-0ubuntu0.16.04.362.0+build2-0ubuntu0.16.04.3
mozillafirefox>= 0 < 62.0+build2-0ubuntu0.18.04.562.0+build2-0ubuntu0.18.04.5
mozillafirefox>= 0 < 62.0+build2-0ubuntu0.18.04.462.0+build2-0ubuntu0.18.04.4
mozillafirefox>= 0 < 62.0+build2-0ubuntu0.18.04.362.0+build2-0ubuntu0.18.04.3
mozillafirefox>= unspecified < 6262
mozillafirefox_esr>= unspecified < 60.260.2
mozillathunderbird< 60.2.160.2.1
mozillathunderbird>= 0 < 1:60.2.1-11:60.2.1-1
mozillathunderbird>= 0 < 1:60.2.1-11:60.2.1-1
mozillathunderbird>= 0 < 1:60.2.1-11:60.2.1-1

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL