CVE-2018-12401 — Improper Input Validation in Mozilla Firefox

CWE-20 — Improper Input Validation10 documents7 sources

Severity

7.5HIGHNVD

OSV8.8

EPSS

0.9%

top 24.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox Canonical Ubuntu Linux

Timeline

PublishedFeb 28

Latest updateMay 14

Description

Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string. This could lead to denial of service (DOS) attacks. This vulnerability affects Firefox < 63.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/firefox< firefox 63.0-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 63

▶NVDmozilla/firefox< 63.0

▶Ubuntumozilla/firefox< 63.0.3+build1-0ubuntu0.14.04.1+5

Also affects: Ubuntu Linux 14.04, 16.04, 18.04, 18.10

🔴Vulnerability Details

GHSA

GHSA-7qcf-mj94-5gw6: Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string↗2022-05-14

▶

OSV

firefox regressions↗2018-11-23

▶

OSV

firefox vulnerabilities↗2018-10-24

▶

OSV

CVE-2018-12401: Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string↗2018-10-24

▶

📋Vendor Advisories

Ubuntu

Firefox regressions↗2018-11-23

▶

Ubuntu

Firefox vulnerabilities↗2018-10-24

▶

Red Hat

firefox: special resource URI parsing leading to denial of service↗2018-10-23

▶

Debian

CVE-2018-12401: firefox - Some special resource URIs will cause a non-exploitable crash if loaded with opt...↗2018

▶

💬Community

Bugzilla

CVE-2018-12401 firefox: special resource URI parsing leading to denial of service↗2019-03-28

▶