CVE-2018-5183Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox ESR

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-120Classic Buffer Overflow9 documents8 sources
Severity
9.8CRITICALNVD
EPSS
3.9%
top 11.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
Mozilla Firefox ESRMozilla ThunderbirdMozilla Thunderbird ESR+9 more
Timeline
PublishedJun 11
Latest updateMay 14

Description

Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages10 packages

CVEListV5mozilla/thunderbirdunspecified52.8
NVDmozilla/thunderbird< 52.8.0
CVEListV5mozilla/thunderbird_esrunspecified52.8
Debianmozilla/thunderbird< 1:52.8.0-1+3

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, 18.04, Enterprise Linux 7.6, 7.5

🔴Vulnerability Details

3
GHSA
GHSA-62wp-qw94-ppmq: Mozilla developers backported selected changes in the Skia library2022-05-14
CVEList
CVE-2018-5183: Mozilla developers backported selected changes in the Skia library2018-06-11
OSV
CVE-2018-5183: Mozilla developers backported selected changes in the Skia library2018-06-11

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2018-05-25
Red Hat
Mozilla: Backport critical security fixes in Skia2018-05-09
Debian
CVE-2018-5183: firefox-esr - Mozilla developers backported selected changes in the Skia library. These change...2018

💬Community

2
Bugzilla
CVE-2018-5183 Mozilla: Backport critical security fixes in Skia2018-05-09
Bugzilla
CVE-2015-5183 Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ2015-07-31
CVE-2018-5183 — Mozilla Firefox ESR vulnerability | cvebase