CVE-2018-5089
published 2018-06-11CVE-2018-5089: Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough…
PriorityP339critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
3.34%
87.2th percentile
Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
Affected
31 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | firefox | < firefox 58.0-1 (sid) | firefox 58.0-1 (sid) |
| debian | firefox-esr | < firefox 58.0-1 (sid) | firefox 58.0-1 (sid) |
| debian | thunderbird | < firefox 58.0-1 (sid) | firefox 58.0-1 (sid) |
| mozilla | firefox | < 52.6.0 | 52.6.0 |
| mozilla | firefox | <= 58.0 | — |
| mozilla | firefox | >= 0 < 58.0.2+build1-0ubuntu0.14.04.1 | 58.0.2+build1-0ubuntu0.14.04.1 |
| mozilla | firefox | >= 0 < 58.0+build6-0ubuntu0.14.04.1 | 58.0+build6-0ubuntu0.14.04.1 |
| mozilla | firefox | >= 0 < 58.0.2+build1-0ubuntu0.16.04.1 | 58.0.2+build1-0ubuntu0.16.04.1 |
| mozilla | firefox | >= 0 < 58.0+build6-0ubuntu0.16.04.1 | 58.0+build6-0ubuntu0.16.04.1 |
| mozilla | firefox | >= unspecified < 58 | 58 |
| mozilla | firefox_esr | >= unspecified < 52.6 | 52.6 |
| mozilla | thunderbird | < 52.6.0 | 52.6.0 |
| mozilla | thunderbird | >= 0 < 1:52.6.0-1 | 1:52.6.0-1 |
| mozilla | thunderbird | >= 0 < 1:52.6.0-1 | 1:52.6.0-1 |
| mozilla | thunderbird | >= 0 < 1:52.6.0-1 | 1:52.6.0-1 |
| mozilla | thunderbird | >= 0 < 1:52.6.0-1 | 1:52.6.0-1 |
| mozilla | thunderbird | >= 0 < 1:52.6.0+build1-0ubuntu0.14.04.1 | 1:52.6.0+build1-0ubuntu0.14.04.1 |
| mozilla | thunderbird | >= 0 < 1:52.6.0+build1-0ubuntu0.16.04.1 | 1:52.6.0+build1-0ubuntu0.16.04.1 |
| mozilla | thunderbird | >= unspecified < 52.6 | 52.6 |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
vendor_debian9.8CRITICAL
vendor_redhat9.8CRITICAL
vendor_ubuntu9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-cg8w-v8x6-c23r: Memory safety bugs were reported in Firefox 57 and Firefox ESR 52
ghsa_unreviewed·2022-05-14
CVE-2018-5089 [CRITICAL] CWE-119 GHSA-cg8w-v8x6-c23r: Memory safety bugs were reported in Firefox 57 and Firefox ESR 52
Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
OSV
CVE-2018-5089: Memory safety bugs were reported in Firefox 57 and Firefox ESR 52
osv·2018-06-11·CVSS 9.8
CVE-2018-5089 [CRITICAL] CVE-2018-5089: Memory safety bugs were reported in Firefox 57 and Firefox ESR 52
Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
OSV
firefox regressions
osv·2018-02-12·CVSS 9.8
[CRITICAL] firefox regressions
firefox regressions
USN-3544-1 fixed vulnerabilities in Firefox. The update caused a web
compatibility regression and a tab crash during printing in some
circumstances. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, spoof the origin in audio capture prompts, trick the user in to
providing HTTP credentials for another origin, spoof the addressbar
contents, or execute arbitrary code. (CVE-2018-5089, CVE-2018-5090,
CVE-2018-5091, CVE-2018-5092, CVE-2018-5093, CVE-2018-5094, CVE-2018-5095,
CVE-2018-5097, CVE-2018-5098, CVE-2018-5099
OSV
thunderbird vulnerabilities
osv·2018-01-29·CVSS 5.3
CVE-2017-7829 [MEDIUM] thunderbird vulnerabilities
thunderbird vulnerabilities
It was discovered that a From address encoded with a null character is
cut off in the message header display. An attacker could potentially
exploit this to spoof the sender address. (CVE-2017-7829)
It was discovered that it is possible to execute JavaScript in RSS feeds
in some circumstances. If a user were tricked in to opening a specially
crafted RSS feed, an attacker could potentially exploit this in
combination with another vulnerability, in order to cause unspecified
problems. (CVE-2017-7846)
It was discovered that the RSS feed can leak local path names. If a user
were tricked in to opening a specially crafted RSS feed, an attacker
could potentially exploit this to obtain sensitive information.
(CVE-2017-7847)
It was discovered that RSS feeds are vulner
OSV
firefox vulnerabilities
osv·2018-01-24·CVSS 9.8
CVE-2018-5089 [CRITICAL] firefox vulnerabilities
firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, spoof the origin in audio capture prompts, trick the user in to
providing HTTP credentials for another origin, spoof the addressbar
contents, or execute arbitrary code. (CVE-2018-5089, CVE-2018-5090,
CVE-2018-5091, CVE-2018-5092, CVE-2018-5093, CVE-2018-5094, CVE-2018-5095,
CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5100, CVE-2018-5101,
CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5109, CVE-2018-5114,
CVE-2018-5115, CVE-2018-5117, CVE-2018-5122)
Multiple security issues were discovered in WebExtensions. If a user were
tricked in to i
Ubuntu
Spidermonkey vulnerabilities
vendor_ubuntu·2018-06-19
CVE-2017-7810 Spidermonkey vulnerabilities
Title: Spidermonkey vulnerabilities
Summary: Several security issues were fixed in Spidermonkey.
Multiple memory safety issues were fixed in Spidermonkey. An attacker
could potentially exploit these to cause a denial of service, or execute
arbitrary code.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
Ubuntu
Firefox regressions
vendor_ubuntu·2018-02-12·CVSS 9.8
[CRITICAL] Firefox regressions
Title: Firefox regressions
Summary: USN-3544-1 caused some regressions in Firefox.
USN-3544-1 fixed vulnerabilities in Firefox. The update caused a web
compatibility regression and a tab crash during printing in some
circumstances. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, spoof the origin in audio capture prompts, trick the user in to
providing HTTP credentials for another origin, spoof the addressbar
contents, or execute arbitrary code. (CVE-2018-5089, CVE-2018-5090,
CVE-2018-5091, CVE-2018-5092, CVE-2018-5093, CVE-2018-
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2018-01-29·CVSS 5.3
CVE-2017-7829 [MEDIUM] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
It was discovered that a From address encoded with a null character is
cut off in the message header display. An attacker could potentially
exploit this to spoof the sender address. (CVE-2017-7829)
It was discovered that it is possible to execute JavaScript in RSS feeds
in some circumstances. If a user were tricked in to opening a specially
crafted RSS feed, an attacker could potentially exploit this in
combination with another vulnerability, in order to cause unspecified
problems. (CVE-2017-7846)
It was discovered that the RSS feed can leak local path names. If a user
were tricked in to opening a specially crafted RSS feed, an attacker
could potentially exploit this to obtain sensitive infor
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2018-01-24·CVSS 9.8
CVE-2018-5089 [CRITICAL] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, spoof the origin in audio capture prompts, trick the user in to
providing HTTP credentials for another origin, spoof the addressbar
contents, or execute arbitrary code. (CVE-2018-5089, CVE-2018-5090,
CVE-2018-5091, CVE-2018-5092, CVE-2018-5093, CVE-2018-5094, CVE-2018-5095,
CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5100, CVE-2018-5101,
CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5109, CVE-2018-5114,
CVE-2018-5115, CVE-2018
Red Hat
Mozilla: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6 (MFSA 2018-03)
vendor_redhat·2018-01-23·CVSS 9.8
CVE-2018-5089 [CRITICAL] CWE-120 Mozilla: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6 (MFSA 2018-03)
Mozilla: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6 (MFSA 2018-03)
Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
Debian
CVE-2018-5089: firefox - Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of the...
vendor_debian·2018·CVSS 9.8
CVE-2018-5089 [CRITICAL] CVE-2018-5089: firefox - Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of the...
Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
Scope: local
sid: resolved (fixed in 58.0-1)
No detection rules found.
No public exploits indexed.
http://www.securityfocus.com/bid/102783http://www.securitytracker.com/id/1040270https://access.redhat.com/errata/RHSA-2018:0122https://access.redhat.com/errata/RHSA-2018:0262https://bugzilla.mozilla.org/buglist.cgi?bug_id=1412420%2C1426783%2C1422389%2C1415598%2C1410134%2C1408017%2C1224396%2C1382366%2C1415582%2C1417797%2C1409951%2C1414452%2C1428589%2C1425780%2C1399520%2C1418854%2C1408276%2C1412145%2C1331209%2C1425612https://lists.debian.org/debian-lts-announce/2018/01/msg00030.htmlhttps://lists.debian.org/debian-lts-announce/2018/01/msg00036.htmlhttps://usn.ubuntu.com/3544-1/https://usn.ubuntu.com/3688-1/https://www.debian.org/security/2018/dsa-4096https://www.debian.org/security/2018/dsa-4102https://www.mozilla.org/security/advisories/mfsa2018-02/https://www.mozilla.org/security/advisories/mfsa2018-03/https://www.mozilla.org/security/advisories/mfsa2018-04/http://www.securityfocus.com/bid/102783http://www.securitytracker.com/id/1040270https://access.redhat.com/errata/RHSA-2018:0122https://access.redhat.com/errata/RHSA-2018:0262https://bugzilla.mozilla.org/buglist.cgi?bug_id=1412420%2C1426783%2C1422389%2C1415598%2C1410134%2C1408017%2C1224396%2C1382366%2C1415582%2C1417797%2C1409951%2C1414452%2C1428589%2C1425780%2C1399520%2C1418854%2C1408276%2C1412145%2C1331209%2C1425612https://lists.debian.org/debian-lts-announce/2018/01/msg00030.htmlhttps://lists.debian.org/debian-lts-announce/2018/01/msg00036.htmlhttps://usn.ubuntu.com/3544-1/https://usn.ubuntu.com/3688-1/https://www.debian.org/security/2018/dsa-4096https://www.debian.org/security/2018/dsa-4102https://www.mozilla.org/security/advisories/mfsa2018-02/https://www.mozilla.org/security/advisories/mfsa2018-03/https://www.mozilla.org/security/advisories/mfsa2018-04/
2018-06-11
Published