CVE-2018-18501

CWE-119Buffer OverflowCWE-120Classic Buffer Overflow10 documents8 sources
Severity
9.8CRITICAL
EPSS
4.6%
top 10.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird+7 more
Timeline
PublishedFeb 5
Latest updateMay 14

Description

Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages12 packages

CVEListV5mozilla/firefoxunspecified65
NVDmozilla/firefox< 65.0
CVEListV5mozilla/firefox_esrunspecified60.5
Ubuntufirefox< 65.0+build2-0ubuntu0.14.04.1+2

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 18.04, 18.10, Enterprise Linux 7.6

🔴Vulnerability Details

4
GHSA
GHSA-4hxm-f92j-36cq: Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 602022-05-14
CVEList
CVE-2018-18501: Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 602019-02-05
OSV
CVE-2018-18501: Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 602019-02-05
OSV
firefox vulnerabilities2019-01-30

📋Vendor Advisories

4
Ubuntu
Thunderbird vulnerabilities2019-02-26
Ubuntu
Firefox vulnerabilities2019-01-30
Red Hat
Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.52019-01-29
Debian
CVE-2018-18501: firefox - Mozilla developers and community members reported memory safety bugs present in ...2018

💬Community

1
Bugzilla
CVE-2018-18501 Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.52019-01-29