CVE-2018-12379 — Out-of-bounds Write in Mozilla Firefox
Severity
7.8HIGHNVD
EPSS
0.1%
top 73.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 18
Latest updateMay 14
Description
When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages9 packages
Also affects: Debian Linux 8.0, 9.0, Enterprise Linux 7.6, 7.5
🔴Vulnerability Details
3GHSA▶
GHSA-77mg-phf5-3h8g: When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a poten↗2022-05-14
OSV▶
CVE-2018-12379: When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a poten↗2018-10-18
CVEList▶
CVE-2018-12379: When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a poten↗2018-10-18