Lucene search

MozillaCVE-2018-12362

HistoryOct 18, 2018 - 1:29 p.m.

CVE-2018-12362

2018-10-1813:29:01

CWE-190

mozilla

web.nvd.nist.gov

145

cve-2018-12362

ssse3 scaler

integer overflow

exploitable crash

thunderbird

firefox esr

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.005

Percentile

76.1%

JSON

An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

Affected configurations

Nvd

Vulners

Node

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch7.6

redhatenterprise_linux_server_eusMatch7.5

redhatenterprise_linux_server_eusMatch7.6

redhatenterprise_linux_server_tusMatch7.6

redhatenterprise_linux_workstationMatch6.0

redhatenterprise_linux_workstationMatch7.0

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

Node

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch17.10

canonicalubuntu_linuxMatch18.04lts

Node

mozillafirefoxRange<61.0

mozillafirefox_esrRange<52.9

mozillafirefox_esrRange53.0–60.1.0

mozillathunderbirdRange<52.9

mozillathunderbirdRange52.9.1–60.0

VendorProductVersionCPE
redhatenterprise_linux_desktop6.0cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
redhatenterprise_linux_desktop7.0cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
redhatenterprise_linux_server6.0cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
redhatenterprise_linux_server7.0cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
redhatenterprise_linux_server_aus7.6cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
redhatenterprise_linux_server_eus7.5cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
redhatenterprise_linux_server_eus7.6cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
redhatenterprise_linux_server_tus7.6cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
redhatenterprise_linux_workstation6.0cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
redhatenterprise_linux_workstation7.0cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	enterprise_linux_desktop	6.0	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
redhat	enterprise_linux_desktop	7.0	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
redhat	enterprise_linux_server	6.0	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
redhat	enterprise_linux_server	7.0	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
redhat	enterprise_linux_server_aus	7.6	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
redhat	enterprise_linux_server_eus	7.5	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
redhat	enterprise_linux_server_eus	7.6	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
redhat	enterprise_linux_server_tus	7.6	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
redhat	enterprise_linux_workstation	6.0	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
redhat	enterprise_linux_workstation	7.0	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Rows per page:

1-10 of 191

CNA Affected

[
  {
    "product": "Thunderbird",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "60",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "52.9",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Firefox ESR",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "60.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "52.9",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "61",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]