CVE-2018-5183: Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes…

critical9.8CVSS 3.0

AVNACLPRNUINSUCHIHAH

Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.

Affected

32 ranges· showing 25

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	firefox-esr	< firefox-esr 52.8.0esr-1 (bookworm)	firefox-esr 52.8.0esr-1 (bookworm)
debian	thunderbird	< firefox-esr 52.8.0esr-1 (bookworm)	firefox-esr 52.8.0esr-1 (bookworm)
mozilla	firefox	< 52.8.0	52.8.0
mozilla	firefox_esr	>= unspecified < 52.8	52.8
mozilla	thunderbird	< 52.8.0	52.8.0
mozilla	thunderbird	>= 0 < 1:52.8.0-1	1:52.8.0-1
mozilla	thunderbird	>= 0 < 1:52.8.0-1	1:52.8.0-1
mozilla	thunderbird	>= 0 < 1:52.8.0-1	1:52.8.0-1
mozilla	thunderbird	>= 0 < 1:52.8.0-1	1:52.8.0-1
mozilla	thunderbird	>= 0 < 1:52.8.0+build1-0ubuntu0.14.04.1	1:52.8.0+build1-0ubuntu0.14.04.1
mozilla	thunderbird	>= 0 < 1:52.8.0+build1-0ubuntu0.16.04.1	1:52.8.0+build1-0ubuntu0.16.04.1
mozilla	thunderbird	>= 0 < 1:52.8.0+build1-0ubuntu0.18.04.1	1:52.8.0+build1-0ubuntu0.18.04.1
mozilla	thunderbird	>= unspecified < 52.8	52.8
mozilla	thunderbird_esr	< 52.8.0	52.8.0
mozilla	thunderbird_esr	>= unspecified < 52.8	52.8
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_server	—	—

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

osv9.8CRITICAL