Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-12362 (GCVE-0-2018-12362)
Vulnerability from cvelistv5 – Published: 2018-10-18 13:00 – Updated: 2024-08-05 08:30
VLAI
EPSS
Summary
An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Severity
No CVSS data available.
CWE
- Integer overflow in SSSE3 scaler
Assigner
References
20 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Thunderbird |
Affected:
unspecified , < 60
(custom)
Affected: unspecified , < 52.9 (custom) |
|
| Mozilla | Firefox ESR |
Affected:
unspecified , < 60.1
(custom)
Affected: unspecified , < 52.9 (custom) |
|
| Mozilla | Firefox |
Affected:
unspecified , < 61
(custom)
|
Date Public
2018-06-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201810-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-15/"
},
{
"name": "RHSA-2018:2112",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2112"
},
{
"name": "GLSA-201811-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"name": "DSA-4235",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4235"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-18/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1452375"
},
{
"name": "RHSA-2018:2113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2113"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-16/"
},
{
"name": "DSA-4244",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4244"
},
{
"name": "104560",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104560"
},
{
"name": "1041193",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041193"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-19/"
},
{
"name": "RHSA-2018:2252",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2252"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-17/"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1425-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html"
},
{
"name": "RHSA-2018:2251",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2251"
},
{
"name": "USN-3705-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3705-1/"
},
{
"name": "USN-3714-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3714-1/"
},
{
"name": "[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "60",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "52.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "60.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "52.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "61",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-06-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Integer overflow in SSSE3 scaler",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-25T10:57:01.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "GLSA-201810-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-15/"
},
{
"name": "RHSA-2018:2112",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2112"
},
{
"name": "GLSA-201811-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"name": "DSA-4235",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4235"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-18/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1452375"
},
{
"name": "RHSA-2018:2113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2113"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-16/"
},
{
"name": "DSA-4244",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4244"
},
{
"name": "104560",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104560"
},
{
"name": "1041193",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041193"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-19/"
},
{
"name": "RHSA-2018:2252",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2252"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-17/"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1425-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html"
},
{
"name": "RHSA-2018:2251",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2251"
},
{
"name": "USN-3705-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3705-1/"
},
{
"name": "USN-3714-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3714-1/"
},
{
"name": "[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-12362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "60"
},
{
"version_affected": "\u003c",
"version_value": "52.9"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "60.1"
},
{
"version_affected": "\u003c",
"version_value": "52.9"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "61"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer overflow in SSSE3 scaler"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201810-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-15/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-15/"
},
{
"name": "RHSA-2018:2112",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2112"
},
{
"name": "GLSA-201811-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"name": "DSA-4235",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4235"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-18/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-18/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1452375",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1452375"
},
{
"name": "RHSA-2018:2113",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2113"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-16/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-16/"
},
{
"name": "DSA-4244",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4244"
},
{
"name": "104560",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104560"
},
{
"name": "1041193",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041193"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-19/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-19/"
},
{
"name": "RHSA-2018:2252",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2252"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-17/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-17/"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1425-1] thunderbird security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html"
},
{
"name": "RHSA-2018:2251",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2251"
},
{
"name": "USN-3705-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3705-1/"
},
{
"name": "USN-3714-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3714-1/"
},
{
"name": "[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2018-12362",
"datePublished": "2018-10-18T13:00:00.000Z",
"dateReserved": "2018-06-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:30:59.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-12362",
"date": "2026-05-28",
"epss": "0.02984",
"percentile": "0.8675"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-12362\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2018-10-18T13:29:01.383\",\"lastModified\":\"2024-11-21T03:45:03.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.\"},{\"lang\":\"es\",\"value\":\"Puede ocurrir un desbordamiento de enteros durante las operaciones de gr\u00e1ficos realizadas por el escalador SSSE3 (Supplemental Streaming SIMD Extensions 3), lo que resulta en un cierre inesperado potencialmente explotable. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 60 y la 52.9, Firefox ESR en versiones anteriores a la 60.1 y la 52.9 y Firefox en versiones anteriores a la 61.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B353CE99-D57C-465B-AAB0-73EF581127D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF77CDCF-B9C9-427D-B2BF-36650FB2148C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9070C9D8-A14A-467F-8253-33B966C16886\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"61.0\",\"matchCriteriaId\":\"2F47E7EA-86AF-46A8-8E17-3360A8AE8492\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"53.0\",\"versionEndExcluding\":\"60.1.0\",\"matchCriteriaId\":\"C3B8C21C-B987-4585-BE32-7D9CB9FC1C24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"52.9\",\"matchCriteriaId\":\"A6C8C7E3-CDC4-4C30-A98D-CC55BF72A404\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"52.9\",\"matchCriteriaId\":\"B8131415-A73C-42F1-BB3E-E5F09CDD7FC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"52.9.1\",\"versionEndExcluding\":\"60.0\",\"matchCriteriaId\":\"6C153A53-86A9-4EE3-8F40-733F844F371F\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/104560\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041193\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2112\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2113\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2251\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2252\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1452375\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201810-01\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201811-13\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3705-1/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3714-1/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4235\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4244\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-15/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-16/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-17/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-18/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-19/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104560\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041193\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2112\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2113\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2251\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2252\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1452375\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201810-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201811-13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3705-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3714-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4235\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4244\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-15/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-16/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-17/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-18/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-19/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
BDU:2019-03464
Vulnerability from fstec - Published: 26.06.2018
VLAI
Title
Уязвимость браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, вызванная целочисленным переполнением, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Description
Уязвимость браузеров Firefox и Firefox ESR и почтового клиента Thunderbird вызвана целочисленным переполнением. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации в результате выполнения графических операций реализуемых с помощью SSSE3
Severity
Vendor
Canonical Ltd., Red Hat Inc., АО «ИВК», Сообщество свободного программного обеспечения, Novell Inc., ООО «РусБИТех-Астра», Mozilla Corp., АО «НТЦ ИТ РОСА»
Software Name
Ubuntu, Red Hat Enterprise Linux, Альт Линукс СПТ (запись в едином реестре российских программ №9), Debian GNU/Linux, OpenSUSE Leap, Astra Linux Special Edition (запись в едином реестре российских программ №369), Альт 8 СП Сервер, Альт 8 СП Рабочая станция, Firefox, Firefox ESR, Thunderbird, Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), РОСА Кобальт (запись в едином реестре российских программ №1999)
Software Version
14.04 LTS (Ubuntu), 6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 7.0 (Альт Линукс СПТ), 9 (Debian GNU/Linux), 42.3 (OpenSUSE Leap), 17.10 (Ubuntu), 18.04 LTS (Ubuntu), 1.6 «Смоленск» (Astra Linux Special Edition), - (Альт 8 СП Сервер), - (Альт 8 СП Рабочая станция), 15.0 (OpenSUSE Leap), 8 (Debian GNU/Linux), до 61 (Firefox), до 52.9 (Firefox ESR), до 52.9 (Thunderbird), от 52.9.1 до 60.0 (Thunderbird), от 53.0 до 60.1.0 (Firefox ESR), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), - (РОСА Кобальт)
Possible Mitigations
Использование рекомендаций:
Для программных продуктов Mozilla Corp.:
https://www.mozilla.org/security/advisories/mfsa2018-15/
https://www.mozilla.org/security/advisories/mfsa2018-16/
https://www.mozilla.org/security/advisories/mfsa2018-17/
https://www.mozilla.org/security/advisories/mfsa2018-18/
https://www.mozilla.org/security/advisories/mfsa2018-19/
Для Ubuntu:
https://usn.ubuntu.com/3705-1/
https://usn.ubuntu.com/3714-1/
Для Debian GNU/Linux:
https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html
https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html
Для Astra Linux:
https://wiki.astralinux.ru/pages/viewpage.action?pageId=44892734
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81
Для продуктов Альт Линукс:
https://cve.basealt.ru/
Для Astra Linux:
https://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186
Для OpenSUSE:
https://www.suse.com/security/cve/CVE-2018-12362/
Для продуктов Red Hat:
https://access.redhat.com/security/cve/CVE-2018-12362
Для ОС РОСА Кобальт:
http://wiki.rosalab.ru/ru/index.php/ROSA-SA-18-07-04.002
Reference
https://www.mozilla.org/security/advisories/mfsa2018-15/
https://www.mozilla.org/security/advisories/mfsa2018-16/
https://www.mozilla.org/security/advisories/mfsa2018-17/
https://www.mozilla.org/security/advisories/mfsa2018-18/
https://www.mozilla.org/security/advisories/mfsa2018-19/
https://usn.ubuntu.com/3705-1/
https://usn.ubuntu.com/3714-1/
https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html
https://lists.debian.org/debian-lts-announce/2018/06/msg00014.htm
l
https://cve.basealt.ru/otchet-po-obnovleniiam-ot-08072019.html
https://cve.basealt.ru/otchet-po-obnovleniiam-ot-31072019.html
https://access.redhat.com/security/cve/cve-2018-12362
https://wiki.astralinux.ru/pages/viewpage.action?pageId=44892734
http://wiki.rosalab.ru/ru/index.php/ROSA-SA-18-07-04.002
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81
CWE
CWE-120, CWE-190
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., Red Hat Inc., \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Novell Inc., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Mozilla Corp., \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "14.04 LTS (Ubuntu), 6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 7.0 (\u0410\u043b\u044c\u0442 \u041b\u0438\u043d\u0443\u043a\u0441 \u0421\u041f\u0422), 9 (Debian GNU/Linux), 42.3 (OpenSUSE Leap), 17.10 (Ubuntu), 18.04 LTS (Ubuntu), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f \u0421\u0435\u0440\u0432\u0435\u0440), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f \u0420\u0430\u0431\u043e\u0447\u0430\u044f \u0441\u0442\u0430\u043d\u0446\u0438\u044f), 15.0 (OpenSUSE Leap), 8 (Debian GNU/Linux), \u0434\u043e 61 (Firefox), \u0434\u043e 52.9 (Firefox ESR), \u0434\u043e 52.9 (Thunderbird), \u043e\u0442 52.9.1 \u0434\u043e 60.0 (Thunderbird), \u043e\u0442 53.0 \u0434\u043e 60.1.0 (Firefox ESR), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), - (\u0420\u041e\u0421\u0410 \u041a\u043e\u0431\u0430\u043b\u044c\u0442)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Mozilla Corp.:\n\nhttps://www.mozilla.org/security/advisories/mfsa2018-15/\n\nhttps://www.mozilla.org/security/advisories/mfsa2018-16/\n\nhttps://www.mozilla.org/security/advisories/mfsa2018-17/\n\nhttps://www.mozilla.org/security/advisories/mfsa2018-18/\n\nhttps://www.mozilla.org/security/advisories/mfsa2018-19/\n\n\n\n\u0414\u043b\u044f Ubuntu:\n\nhttps://usn.ubuntu.com/3705-1/\n\nhttps://usn.ubuntu.com/3714-1/\n\n\n\n\u0414\u043b\u044f Debian GNU/Linux:\n\nhttps://lists.debian.org/debian-lts-announce/2018/07/msg00013.html\n\nhttps://lists.debian.org/debian-lts-announce/2018/06/msg00014.html\n\n\n\n\u0414\u043b\u044f Astra Linux:\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=44892734\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 \u0410\u043b\u044c\u0442 \u041b\u0438\u043d\u0443\u043a\u0441:\nhttps://cve.basealt.ru/\n\n\u0414\u043b\u044f Astra Linux:\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186\n\n\u0414\u043b\u044f OpenSUSE:\nhttps://www.suse.com/security/cve/CVE-2018-12362/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat:\nhttps://access.redhat.com/security/cve/CVE-2018-12362\n\n\u0414\u043b\u044f \u041e\u0421 \u0420\u041e\u0421\u0410 \u041a\u043e\u0431\u0430\u043b\u044c\u0442:\nhttp://wiki.rosalab.ru/ru/index.php/ROSA-SA-18-07-04.002",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "26.06.2018",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "01.12.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "03.10.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-03464",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-12362",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Red Hat Enterprise Linux, \u0410\u043b\u044c\u0442 \u041b\u0438\u043d\u0443\u043a\u0441 \u0421\u041f\u0422 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21169), Debian GNU/Linux, OpenSUSE Leap, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u043b\u044c\u0442 8 \u0421\u041f \u0421\u0435\u0440\u0432\u0435\u0440, \u0410\u043b\u044c\u0442 8 \u0421\u041f \u0420\u0430\u0431\u043e\u0447\u0430\u044f \u0441\u0442\u0430\u043d\u0446\u0438\u044f, Firefox, Firefox ESR, Thunderbird, Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u0420\u041e\u0421\u0410 \u041a\u043e\u0431\u0430\u043b\u044c\u0442 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161999)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 14.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 6 , Red Hat Inc. Red Hat Enterprise Linux 7 , Canonical Ltd. Ubuntu 16.04 LTS , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 \u041b\u0438\u043d\u0443\u043a\u0441 \u0421\u041f\u0422 7.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21169), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Novell Inc. OpenSUSE Leap 42.3 , Canonical Ltd. Ubuntu 17.10 , Canonical Ltd. Ubuntu 18.04 LTS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f \u0421\u0435\u0440\u0432\u0435\u0440 - , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f \u0420\u0430\u0431\u043e\u0447\u0430\u044f \u0441\u0442\u0430\u043d\u0446\u0438\u044f - , Novell Inc. OpenSUSE Leap 15.0 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb \u0420\u041e\u0421\u0410 \u041a\u043e\u0431\u0430\u043b\u044c\u0442 - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161999)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Firefox \u0438 Firefox ESR \u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird, \u0432\u044b\u0437\u0432\u0430\u043d\u043d\u0430\u044f \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u043c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0431\u0435\u0437 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (\u043a\u043b\u0430\u0441\u0441\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430) (CWE-120), \u0426\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u0446\u0438\u043a\u043b\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0441\u0434\u0432\u0438\u0433 (CWE-190)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Firefox \u0438 Firefox ESR \u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u043c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439 \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u043c\u044b\u0445 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e SSSE3",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.mozilla.org/security/advisories/mfsa2018-15/\nhttps://www.mozilla.org/security/advisories/mfsa2018-16/\nhttps://www.mozilla.org/security/advisories/mfsa2018-17/ \nhttps://www.mozilla.org/security/advisories/mfsa2018-18/\n\nhttps://www.mozilla.org/security/advisories/mfsa2018-19/\n\nhttps://usn.ubuntu.com/3705-1/\n\nhttps://usn.ubuntu.com/3714-1/\n\nhttps://lists.debian.org/debian-lts-announce/2018/07/msg00013.html\n\nhttps://lists.debian.org/debian-lts-announce/2018/06/msg00014.htm\nl\nhttps://cve.basealt.ru/otchet-po-obnovleniiam-ot-08072019.html\n\nhttps://cve.basealt.ru/otchet-po-obnovleniiam-ot-31072019.html\n\nhttps://access.redhat.com/security/cve/cve-2018-12362\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=44892734\nhttp://wiki.rosalab.ru/ru/index.php/ROSA-SA-18-07-04.002\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-120, CWE-190",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,3)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
CERTFR-2018-AVI-309
Vulnerability from certfr_avis - Published: 2018-06-27 - Updated: 2018-06-27
De multiples vulnérabilités ont été découvertes dans Mozilla Firefox. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox toutes versions ant\u00e9rieures \u00e0 61",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR toutes versions ant\u00e9rieures \u00e0 52.9",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR toutes versions ant\u00e9rieures \u00e0 60.1",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-12367",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12367"
},
{
"name": "CVE-2018-12371",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12371"
},
{
"name": "CVE-2018-5186",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5186"
},
{
"name": "CVE-2018-12362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12362"
},
{
"name": "CVE-2018-12359",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12359"
},
{
"name": "CVE-2018-12361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12361"
},
{
"name": "CVE-2018-12358",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12358"
},
{
"name": "CVE-2018-12360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12360"
},
{
"name": "CVE-2018-5187",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5187"
},
{
"name": "CVE-2018-5156",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5156"
},
{
"name": "CVE-2018-12370",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12370"
},
{
"name": "CVE-2018-12364",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12364"
},
{
"name": "CVE-2018-5188",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5188"
},
{
"name": "CVE-2018-12363",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12363"
},
{
"name": "CVE-2018-12368",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12368"
},
{
"name": "CVE-2018-12365",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12365"
},
{
"name": "CVE-2018-12366",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12366"
},
{
"name": "CVE-2018-12369",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12369"
}
],
"initial_release_date": "2018-06-27T00:00:00",
"last_revision_date": "2018-06-27T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-309",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-06-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-17 du 26 juin 2018",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-16 du 26 juin 2018",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-16/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-15 du 26 juin 2018",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/"
}
]
}
CERTFR-2018-AVI-322
Vulnerability from certfr_avis - Published: 2018-07-04 - Updated: 2018-07-04
De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection de requêtes illégitimes par rebond (CSRF).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Thunderbird | Thunderbird versions antérieures à 52.9 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 52.9",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-12374",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12374"
},
{
"name": "CVE-2018-12362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12362"
},
{
"name": "CVE-2018-12359",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12359"
},
{
"name": "CVE-2018-12373",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12373"
},
{
"name": "CVE-2018-12360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12360"
},
{
"name": "CVE-2018-12372",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12372"
},
{
"name": "CVE-2018-12364",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12364"
},
{
"name": "CVE-2018-5188",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5188"
},
{
"name": "CVE-2018-12363",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12363"
},
{
"name": "CVE-2018-12368",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12368"
},
{
"name": "CVE-2018-12365",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12365"
},
{
"name": "CVE-2018-12366",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12366"
}
],
"initial_release_date": "2018-07-04T00:00:00",
"last_revision_date": "2018-07-04T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-322",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-07-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es et une injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-18 du 03 juillet 2018",
"url": "http://www.mozilla.org/en-US/security/advisories/mfsa2018-18/"
}
]
}
CERTFR-2018-AVI-373
Vulnerability from certfr_avis - Published: 2018-08-07 - Updated: 2018-08-07
De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Thunderbird | Mozilla Thunderbird versions antérieures à 60 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Mozilla Thunderbird versions ant\u00e9rieures \u00e0 60",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-12367",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12367"
},
{
"name": "CVE-2018-12371",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12371"
},
{
"name": "CVE-2018-12362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12362"
},
{
"name": "CVE-2018-12359",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12359"
},
{
"name": "CVE-2018-12361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12361"
},
{
"name": "CVE-2018-12360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12360"
},
{
"name": "CVE-2018-5187",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5187"
},
{
"name": "CVE-2018-5156",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5156"
},
{
"name": "CVE-2018-12364",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12364"
},
{
"name": "CVE-2018-5188",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5188"
},
{
"name": "CVE-2018-12363",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12363"
},
{
"name": "CVE-2018-12368",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12368"
},
{
"name": "CVE-2018-12365",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12365"
},
{
"name": "CVE-2018-12366",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12366"
}
],
"initial_release_date": "2018-08-07T00:00:00",
"last_revision_date": "2018-08-07T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-373",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-08-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-19 du 06 ao\u00fbt 2018",
"url": "http://www.mozilla.org/en-US/security/advisories/mfsa2018-19/"
}
]
}
CNVD-2018-12397
Vulnerability from cnvd - Published: 2018-06-30
VLAI
Title
Mozilla Firefox和Firefox整数溢出漏洞(CNVD-2018-12397)
Description
Mozilla Firefox和Firefox ESR都是美国Mozilla基金会开发的浏览器产品。Firefox是一款开源Web浏览器;Firefox ESR是Firefox的一个延长支持版本。
Mozilla Firefox 61之前版本、Firefox ESR 52.9之前版本和60.1之前版本中的SSSE3 scaler存在整数溢出漏洞。远程攻击者可借助特制的网站利用该漏洞执行任意代码或造成拒绝服务(崩溃)。
Severity
高
Patch Name
Mozilla Firefox和Firefox整数溢出漏洞(CNVD-2018-12397)的补丁
Patch Description
Mozilla Firefox和Firefox ESR都是美国Mozilla基金会开发的浏览器产品。Firefox是一款开源Web浏览器;Firefox ESR是Firefox的一个延长支持版本。
Mozilla Firefox 61之前版本、Firefox ESR 52.9之前版本和60.1之前版本中的SSSE3 scaler存在整数溢出漏洞。远程攻击者可借助特制的网站利用该漏洞执行任意代码或造成拒绝服务(崩溃)。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布漏洞修复程序,请及时关注更新: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/
Reference
https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/
Impacted products
| Name | ['Mozilla Firefox <61', 'Mozilla Firefox ESR <52.9', 'Mozilla Firefox ESR <60.1'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-12362"
}
},
"description": "Mozilla Firefox\u548cFirefox ESR\u90fd\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u5f00\u53d1\u7684\u6d4f\u89c8\u5668\u4ea7\u54c1\u3002Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\uff1bFirefox ESR\u662fFirefox\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002\r\n\r\nMozilla Firefox 61\u4e4b\u524d\u7248\u672c\u3001Firefox ESR 52.9\u4e4b\u524d\u7248\u672c\u548c60.1\u4e4b\u524d\u7248\u672c\u4e2d\u7684SSSE3 scaler\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u7f51\u7ad9\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5d29\u6e83\uff09\u3002",
"discovererName": "F. Alonso (revskills)",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-15/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-12397",
"openTime": "2018-06-30",
"patchDescription": "Mozilla Firefox\u548cFirefox ESR\u90fd\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u5f00\u53d1\u7684\u6d4f\u89c8\u5668\u4ea7\u54c1\u3002Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\uff1bFirefox ESR\u662fFirefox\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002\r\n\r\nMozilla Firefox 61\u4e4b\u524d\u7248\u672c\u3001Firefox ESR 52.9\u4e4b\u524d\u7248\u672c\u548c60.1\u4e4b\u524d\u7248\u672c\u4e2d\u7684SSSE3 scaler\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u7f51\u7ad9\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5d29\u6e83\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Mozilla Firefox\u548cFirefox\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2018-12397\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Mozilla Firefox \u003c61",
"Mozilla Firefox ESR \u003c52.9",
"Mozilla Firefox ESR \u003c60.1"
]
},
"referenceLink": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/",
"serverity": "\u9ad8",
"submitTime": "2018-06-27",
"title": "Mozilla Firefox\u548cFirefox\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2018-12397\uff09"
}
FKIE_CVE-2018-12362
Vulnerability from fkie_nvd - Published: 2018-10-18 13:29 - Updated: 2024-11-21 03:45
Severity
Summary
An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | enterprise_linux_desktop | 6.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_server | 6.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_server_aus | 7.6 | |
| redhat | enterprise_linux_server_eus | 7.5 | |
| redhat | enterprise_linux_server_eus | 7.6 | |
| redhat | enterprise_linux_server_tus | 7.6 | |
| redhat | enterprise_linux_workstation | 6.0 | |
| redhat | enterprise_linux_workstation | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 17.10 | |
| canonical | ubuntu_linux | 18.04 | |
| mozilla | firefox | * | |
| mozilla | firefox | * | |
| mozilla | firefox_esr | * | |
| mozilla | thunderbird | * | |
| mozilla | thunderbird | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F47E7EA-86AF-46A8-8E17-3360A8AE8492",
"versionEndExcluding": "61.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B8C21C-B987-4585-BE32-7D9CB9FC1C24",
"versionEndExcluding": "60.1.0",
"versionStartIncluding": "53.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C8C7E3-CDC4-4C30-A98D-CC55BF72A404",
"versionEndExcluding": "52.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8131415-A73C-42F1-BB3E-E5F09CDD7FC4",
"versionEndExcluding": "52.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C153A53-86A9-4EE3-8F40-733F844F371F",
"versionEndExcluding": "60.0",
"versionStartIncluding": "52.9.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61."
},
{
"lang": "es",
"value": "Puede ocurrir un desbordamiento de enteros durante las operaciones de gr\u00e1ficos realizadas por el escalador SSSE3 (Supplemental Streaming SIMD Extensions 3), lo que resulta en un cierre inesperado potencialmente explotable. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 60 y la 52.9, Firefox ESR en versiones anteriores a la 60.1 y la 52.9 y Firefox en versiones anteriores a la 61."
}
],
"id": "CVE-2018-12362",
"lastModified": "2024-11-21T03:45:03.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-18T13:29:01.383",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104560"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041193"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2112"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2113"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2251"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2252"
},
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1452375"
},
{
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3705-1/"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3714-1/"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4235"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4244"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-15/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-16/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-17/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-18/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-19/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104560"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041193"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1452375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3705-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3714-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4244"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-15/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-16/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-17/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-18/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-19/"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-68C7-J9QG-3XV4
Vulnerability from github – Published: 2022-05-14 01:53 – Updated: 2024-10-21 15:32
VLAI
Details
An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Severity
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2018-12362"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-18T13:29:00Z",
"severity": "HIGH"
},
"details": "An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"id": "GHSA-68c7-j9qg-3xv4",
"modified": "2024-10-21T15:32:20Z",
"published": "2022-05-14T01:53:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12362"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-19"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-18"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-17"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-16"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-15"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4244"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4235"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3714-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3705-1"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1452375"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2252"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2251"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2113"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2112"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104560"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041193"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2018-12362
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-12362",
"description": "An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"id": "GSD-2018-12362",
"references": [
"https://www.suse.com/security/cve/CVE-2018-12362.html",
"https://www.debian.org/security/2018/dsa-4244",
"https://www.debian.org/security/2018/dsa-4235",
"https://access.redhat.com/errata/RHSA-2018:2252",
"https://access.redhat.com/errata/RHSA-2018:2251",
"https://access.redhat.com/errata/RHSA-2018:2113",
"https://access.redhat.com/errata/RHSA-2018:2112",
"https://ubuntu.com/security/CVE-2018-12362",
"https://advisories.mageia.org/CVE-2018-12362.html",
"https://security.archlinux.org/CVE-2018-12362",
"https://linux.oracle.com/cve/CVE-2018-12362.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-12362"
],
"details": "An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"id": "GSD-2018-12362",
"modified": "2023-12-13T01:22:30.080886Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-12362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "60"
},
{
"version_affected": "\u003c",
"version_value": "52.9"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "60.1"
},
{
"version_affected": "\u003c",
"version_value": "52.9"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "61"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer overflow in SSSE3 scaler"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201810-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-15/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-15/"
},
{
"name": "RHSA-2018:2112",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2112"
},
{
"name": "GLSA-201811-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"name": "DSA-4235",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4235"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-18/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-18/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1452375",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1452375"
},
{
"name": "RHSA-2018:2113",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2113"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-16/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-16/"
},
{
"name": "DSA-4244",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4244"
},
{
"name": "104560",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104560"
},
{
"name": "1041193",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041193"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-19/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-19/"
},
{
"name": "RHSA-2018:2252",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2252"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-17/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-17/"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1425-1] thunderbird security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html"
},
{
"name": "RHSA-2018:2251",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2251"
},
{
"name": "USN-3705-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3705-1/"
},
{
"name": "USN-3714-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3714-1/"
},
{
"name": "[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html"
}
]
}
},
"mozilla.org": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-12362"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "52.9"
},
{
"version_affected": "\u003c",
"version_value": "60.1"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "61"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "52.9"
},
{
"version_affected": "\u003c",
"version_value": "60"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR \u003c 52.9, Firefox ESR \u003c 60.1, Firefox \u003c 61, Thunderbird \u003c 52.9, and Thunderbird \u003c 60."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer overflow in SSSE3 scaler"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2018-17/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2018-19/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2018-16/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2018-15/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2018-18/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1452375"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "60.1.0",
"versionStartIncluding": "53.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "52.9",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "61.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "52.9",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "60.0",
"versionStartIncluding": "52.9.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-12362"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-19/",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-19/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-18/",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-18/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-17/",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-17/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-16/",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-16/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-15/",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-15/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1452375",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1452375"
},
{
"name": "DSA-4244",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4244"
},
{
"name": "DSA-4235",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4235"
},
{
"name": "USN-3714-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3714-1/"
},
{
"name": "USN-3705-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3705-1/"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1425-1] thunderbird security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html"
},
{
"name": "[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html"
},
{
"name": "RHSA-2018:2252",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2252"
},
{
"name": "RHSA-2018:2251",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2251"
},
{
"name": "RHSA-2018:2113",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2113"
},
{
"name": "RHSA-2018:2112",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2112"
},
{
"name": "1041193",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041193"
},
{
"name": "104560",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104560"
},
{
"name": "GLSA-201810-01",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"name": "GLSA-201811-13",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201811-13"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2018-12-03T20:11Z",
"publishedDate": "2018-10-18T13:29Z"
}
}
}
OPENSUSE-SU-2018:2807-1
Vulnerability from csaf_opensuse - Published: 2018-08-16 07:40 - Updated: 2018-08-16 07:40Summary
Security update for seamonkey
Severity
Important
Notes
Title of the patch: Security update for seamonkey
Description of the patch: This update for seamonkey fixes the following issues:
Mozilla Seamonkey was updated to 2.49.4:
Now uses Gecko 52.9.1esr (boo#1098998).
Security issues fixed with MFSA 2018-16 (boo#1098998):
* CVE-2018-12359: Buffer overflow using computed size of canvas element
* CVE-2018-12360: Use-after-free when using focus()
* CVE-2018-12362: Integer overflow in SSSE3 scaler
* CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture
* CVE-2018-12363: Use-after-free when appending DOM nodes
* CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins
* CVE-2018-12365: Compromised IPC child process can list local filenames
* CVE-2018-12366: Invalid data handling during QCMS transformations
* CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9
Localizations finally included again (boo#1062195)
Updated summary and description to more accurately
reflect what SeaMonkey is, giving less prominence to the long-
discontinued Mozilla Application Suite that many users may no
longer be familiar with
Update to Seamonkey 2.49.2
* Gecko 52.6esr (including security relevant fixes) (boo#1077291)
* fix issue in Composer
* With some themes, the menulist- and history-dropmarker didn't show
* Scrollbars didn't show the buttons
* WebRTC has been disabled by default. It needs an add-on to enable it per site
* The active title bar was not visually emphasized
Correct requires and provides handling (boo#1076907)
This update was imported from the openSUSE:Leap:15.0:Update update project.
Patchnames: openSUSE-2018-873
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
36 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for seamonkey",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for seamonkey fixes the following issues:\n\nMozilla Seamonkey was updated to 2.49.4:\n\nNow uses Gecko 52.9.1esr (boo#1098998).\n\nSecurity issues fixed with MFSA 2018-16 (boo#1098998):\n\n* CVE-2018-12359: Buffer overflow using computed size of canvas element\n* CVE-2018-12360: Use-after-free when using focus()\n* CVE-2018-12362: Integer overflow in SSSE3 scaler\n* CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture\n* CVE-2018-12363: Use-after-free when appending DOM nodes\n* CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins\n* CVE-2018-12365: Compromised IPC child process can list local filenames\n* CVE-2018-12366: Invalid data handling during QCMS transformations\n* CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9\n\nLocalizations finally included again (boo#1062195)\n\nUpdated summary and description to more accurately\nreflect what SeaMonkey is, giving less prominence to the long-\ndiscontinued Mozilla Application Suite that many users may no\nlonger be familiar with\n\nUpdate to Seamonkey 2.49.2\n\n* Gecko 52.6esr (including security relevant fixes) (boo#1077291)\n* fix issue in Composer\n* With some themes, the menulist- and history-dropmarker didn\u0027t show\n* Scrollbars didn\u0027t show the buttons\n* WebRTC has been disabled by default. It needs an add-on to enable it per site\n* The active title bar was not visually emphasized\n\nCorrect requires and provides handling (boo#1076907)\n\nThis update was imported from the openSUSE:Leap:15.0:Update update project.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2018-873",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2018_2807-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2018:2807-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GLUOSK2EJUPHGOY64OTIF2JORV62RASV/#GLUOSK2EJUPHGOY64OTIF2JORV62RASV"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2018:2807-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GLUOSK2EJUPHGOY64OTIF2JORV62RASV/#GLUOSK2EJUPHGOY64OTIF2JORV62RASV"
},
{
"category": "self",
"summary": "SUSE Bug 1020631",
"url": "https://bugzilla.suse.com/1020631"
},
{
"category": "self",
"summary": "SUSE Bug 1062195",
"url": "https://bugzilla.suse.com/1062195"
},
{
"category": "self",
"summary": "SUSE Bug 1076907",
"url": "https://bugzilla.suse.com/1076907"
},
{
"category": "self",
"summary": "SUSE Bug 1077291",
"url": "https://bugzilla.suse.com/1077291"
},
{
"category": "self",
"summary": "SUSE Bug 1098998",
"url": "https://bugzilla.suse.com/1098998"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12359 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12359/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12360 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12360/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12362 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12363 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12363/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12364 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12364/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12365 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12365/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12366 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12366/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5156 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5188 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5188/"
}
],
"title": "Security update for seamonkey",
"tracking": {
"current_release_date": "2018-08-16T07:40:05Z",
"generator": {
"date": "2018-08-16T07:40:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2018:2807-1",
"initial_release_date": "2018-08-16T07:40:05Z",
"revision_history": [
{
"date": "2018-08-16T07:40:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "seamonkey-2.49.4-bp150.3.3.1.aarch64",
"product": {
"name": "seamonkey-2.49.4-bp150.3.3.1.aarch64",
"product_id": "seamonkey-2.49.4-bp150.3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"product": {
"name": "seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"product_id": "seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"product": {
"name": "seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"product_id": "seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "seamonkey-2.49.4-bp150.3.3.1.x86_64",
"product": {
"name": "seamonkey-2.49.4-bp150.3.3.1.x86_64",
"product_id": "seamonkey-2.49.4-bp150.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"product": {
"name": "seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"product_id": "seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64",
"product": {
"name": "seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64",
"product_id": "seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15",
"product": {
"name": "SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-2.49.4-bp150.3.3.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64"
},
"product_reference": "seamonkey-2.49.4-bp150.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-2.49.4-bp150.3.3.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64"
},
"product_reference": "seamonkey-2.49.4-bp150.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64"
},
"product_reference": "seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64"
},
"product_reference": "seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64"
},
"product_reference": "seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
},
"product_reference": "seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12359",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12359"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12359",
"url": "https://www.suse.com/security/cve/CVE-2018-12359"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12359",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-16T07:40:05Z",
"details": "important"
}
],
"title": "CVE-2018-12359"
},
{
"cve": "CVE-2018-12360",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12360"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12360",
"url": "https://www.suse.com/security/cve/CVE-2018-12360"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12360",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-16T07:40:05Z",
"details": "important"
}
],
"title": "CVE-2018-12360"
},
{
"cve": "CVE-2018-12362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12362"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12362",
"url": "https://www.suse.com/security/cve/CVE-2018-12362"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12362",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-16T07:40:05Z",
"details": "important"
}
],
"title": "CVE-2018-12362"
},
{
"cve": "CVE-2018-12363",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12363"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12363",
"url": "https://www.suse.com/security/cve/CVE-2018-12363"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12363",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-16T07:40:05Z",
"details": "important"
}
],
"title": "CVE-2018-12363"
},
{
"cve": "CVE-2018-12364",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12364"
}
],
"notes": [
{
"category": "general",
"text": "NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12364",
"url": "https://www.suse.com/security/cve/CVE-2018-12364"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12364",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-16T07:40:05Z",
"details": "important"
}
],
"title": "CVE-2018-12364"
},
{
"cve": "CVE-2018-12365",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12365"
}
],
"notes": [
{
"category": "general",
"text": "A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12365",
"url": "https://www.suse.com/security/cve/CVE-2018-12365"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12365",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-16T07:40:05Z",
"details": "important"
}
],
"title": "CVE-2018-12365"
},
{
"cve": "CVE-2018-12366",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12366"
}
],
"notes": [
{
"category": "general",
"text": "An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12366",
"url": "https://www.suse.com/security/cve/CVE-2018-12366"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12366",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-16T07:40:05Z",
"details": "important"
}
],
"title": "CVE-2018-12366"
},
{
"cve": "CVE-2018-5156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5156"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5156",
"url": "https://www.suse.com/security/cve/CVE-2018-5156"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-5156",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-16T07:40:05Z",
"details": "important"
}
],
"title": "CVE-2018-5156"
},
{
"cve": "CVE-2018-5188",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5188"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5188",
"url": "https://www.suse.com/security/cve/CVE-2018-5188"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-5188",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-16T07:40:05Z",
"details": "important"
}
],
"title": "CVE-2018-5188"
}
]
}
OPENSUSE-SU-2018:3687-1
Vulnerability from csaf_opensuse - Published: 2018-11-09 08:34 - Updated: 2018-11-09 08:34Summary
Security update for MozillaThunderbird
Severity
Important
Notes
Title of the patch: Security update for MozillaThunderbird
Description of the patch: This update for Mozilla Thunderbird to version 60.2.1 fixes multiple issues.
Multiple security issues were fixed in the Mozilla platform as advised in MFSA 2018-25 and MFSA 2018-28.
In general, these flaws cannot be exploited through email in Thunderbird because scripting
is disabled when reading mail, but are potentially risks in browser or browser-like contexts:
- CVE-2018-12359: Prevent buffer overflow using computed size of canvas element (bsc#1098998)
- CVE-2018-12360: Prevent use-after-free when using focus() (bsc#1098998)
- CVE-2018-12361: Prevent integer overflow in SwizzleData (bsc#1098998)
- CVE-2018-12362: Prevent integer overflow in SSSE3 scaler (bsc#1098998)
- CVE-2018-5156: Prevent media recorder segmentation fault when track type is changed during capture (bsc#1098998)
- CVE-2018-12363: Prevent use-after-free when appending DOM nodes (bsc#1098998)
- CVE-2018-12364: Prevent CSRF attacks through 307 redirects and NPAPI plugins (bsc#1098998)
- CVE-2018-12365: Prevent compromised IPC child process listing local filenames (bsc#1098998)
- CVE-2018-12371: Prevent integer overflow in Skia library during edge builder allocation (bsc#1098998)
- CVE-2018-12366: Prevent invalid data handling during QCMS transformations (bsc#1098998)
- CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming (bsc#1098998)
- CVE-2018-5187: Various memory safety bugs (bsc#1098998)
- CVE-2018-5188: Various memory safety bugs (bsc#1098998)
- CVE-2018-12377: Use-after-free in refresh driver timers (bsc#1107343)
- CVE-2018-12378: Use-after-free in IndexedDB (bsc#1107343)
- CVE-2017-16541: Proxy bypass using automount and autofs (bsc#1066489)
- CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 (bsc#1107343)
- CVE-2018-12385: Crash in TransportSecurityInfo due to cached data (bsc#1109363)
- CVE-2018-12383: Setting a master password did not delete unencrypted previously stored passwords (bsc#1107343)
- CVE-2018-12389: Fixed memory safety bugs (bsc#1112852)
- CVE-2018-12390: Fixed memory safety bugs (bsc#1112852)
- CVE-2018-12391: Fixed HTTP Live Stream audio data is accessible cross-origin (bsc#1112852)
- CVE-2018-12392: Fixed crash with nested event loops (bsc#1112852)
- CVE-2018-12393: Fixed integer overflow during Unicode conversion while loading JavaScript (bsc#1112852)
These non-security issues were fixed:
- Fix date display issues (bsc#1109379)
- Fix start-up crash due to folder name with special characters (bsc#1107772)
- Storing of remote content settings fixed (bsc#1084603)
- Improved message handling and composing
- Improved handling of message templates
- Support for OAuth2 and FIDO U2F
- Various Calendar improvements
- Various fixes and changes to e-mail workflow
- Various IMAP fixes
- Native desktop notifications
- various theme fixes
- Shift+PageUp/PageDown in Write window
- Gloda attachment filtering
- Mailing list address auto-complete enter/return handling
- Thunderbird hung if HTML signature references non-existent image
- Filters not working for headers that appear more than once
Patchnames: openSUSE-2018-1360
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.3 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
95 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaThunderbird",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for Mozilla Thunderbird to version 60.2.1 fixes multiple issues.\n\nMultiple security issues were fixed in the Mozilla platform as advised in MFSA 2018-25 and MFSA 2018-28.\nIn general, these flaws cannot be exploited through email in Thunderbird because scripting\nis disabled when reading mail, but are potentially risks in browser or browser-like contexts:\n\n- CVE-2018-12359: Prevent buffer overflow using computed size of canvas element (bsc#1098998)\n- CVE-2018-12360: Prevent use-after-free when using focus() (bsc#1098998)\n- CVE-2018-12361: Prevent integer overflow in SwizzleData (bsc#1098998)\n- CVE-2018-12362: Prevent integer overflow in SSSE3 scaler (bsc#1098998)\n- CVE-2018-5156: Prevent media recorder segmentation fault when track type is changed during capture (bsc#1098998)\n- CVE-2018-12363: Prevent use-after-free when appending DOM nodes (bsc#1098998)\n- CVE-2018-12364: Prevent CSRF attacks through 307 redirects and NPAPI plugins (bsc#1098998)\n- CVE-2018-12365: Prevent compromised IPC child process listing local filenames (bsc#1098998)\n- CVE-2018-12371: Prevent integer overflow in Skia library during edge builder allocation (bsc#1098998)\n- CVE-2018-12366: Prevent invalid data handling during QCMS transformations (bsc#1098998)\n- CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming (bsc#1098998)\n- CVE-2018-5187: Various memory safety bugs (bsc#1098998)\n- CVE-2018-5188: Various memory safety bugs (bsc#1098998)\n- CVE-2018-12377: Use-after-free in refresh driver timers (bsc#1107343)\n- CVE-2018-12378: Use-after-free in IndexedDB (bsc#1107343)\n- CVE-2017-16541: Proxy bypass using automount and autofs (bsc#1066489)\n- CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 (bsc#1107343)\n- CVE-2018-12385: Crash in TransportSecurityInfo due to cached data (bsc#1109363)\n- CVE-2018-12383: Setting a master password did not delete unencrypted previously stored passwords (bsc#1107343)\n- CVE-2018-12389: Fixed memory safety bugs (bsc#1112852)\n- CVE-2018-12390: Fixed memory safety bugs (bsc#1112852)\n- CVE-2018-12391: Fixed HTTP Live Stream audio data is accessible cross-origin (bsc#1112852)\n- CVE-2018-12392: Fixed crash with nested event loops (bsc#1112852)\n- CVE-2018-12393: Fixed integer overflow during Unicode conversion while loading JavaScript (bsc#1112852)\n \nThese non-security issues were fixed:\n\n- Fix date display issues (bsc#1109379)\n- Fix start-up crash due to folder name with special characters (bsc#1107772)\n- Storing of remote content settings fixed (bsc#1084603)\n- Improved message handling and composing\n- Improved handling of message templates\n- Support for OAuth2 and FIDO U2F\n- Various Calendar improvements\n- Various fixes and changes to e-mail workflow \n- Various IMAP fixes\n- Native desktop notifications\n- various theme fixes\n- Shift+PageUp/PageDown in Write window\n- Gloda attachment filtering\n- Mailing list address auto-complete enter/return handling\n- Thunderbird hung if HTML signature references non-existent image\n- Filters not working for headers that appear more than once\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2018-1360",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2018_3687-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2018:3687-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BBHDVB7NPDAZXEW2BECURXKYFEGTTUL4/#BBHDVB7NPDAZXEW2BECURXKYFEGTTUL4"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2018:3687-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BBHDVB7NPDAZXEW2BECURXKYFEGTTUL4/#BBHDVB7NPDAZXEW2BECURXKYFEGTTUL4"
},
{
"category": "self",
"summary": "SUSE Bug 1066489",
"url": "https://bugzilla.suse.com/1066489"
},
{
"category": "self",
"summary": "SUSE Bug 1084603",
"url": "https://bugzilla.suse.com/1084603"
},
{
"category": "self",
"summary": "SUSE Bug 1098998",
"url": "https://bugzilla.suse.com/1098998"
},
{
"category": "self",
"summary": "SUSE Bug 1107343",
"url": "https://bugzilla.suse.com/1107343"
},
{
"category": "self",
"summary": "SUSE Bug 1107772",
"url": "https://bugzilla.suse.com/1107772"
},
{
"category": "self",
"summary": "SUSE Bug 1109363",
"url": "https://bugzilla.suse.com/1109363"
},
{
"category": "self",
"summary": "SUSE Bug 1109379",
"url": "https://bugzilla.suse.com/1109379"
},
{
"category": "self",
"summary": "SUSE Bug 1112852",
"url": "https://bugzilla.suse.com/1112852"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16541 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16541/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12359 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12359/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12360 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12360/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12361 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12361/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12362 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12363 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12363/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12364 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12364/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12365 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12365/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12366 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12366/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12367 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12367/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12371 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12371/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12376 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12376/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12377 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12377/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12378 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12378/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12383 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12383/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12385 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12385/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12389 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12390 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12390/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12391 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12391/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12392 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12392/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12393 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12393/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16541 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16541/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5156 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5187 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5188 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5188/"
}
],
"title": "Security update for MozillaThunderbird",
"tracking": {
"current_release_date": "2018-11-09T08:34:29Z",
"generator": {
"date": "2018-11-09T08:34:29Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2018:3687-1",
"initial_release_date": "2018-11-09T08:34:29Z",
"revision_history": [
{
"date": "2018-11-09T08:34:29Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-60.3.0-74.2.x86_64",
"product": {
"name": "MozillaThunderbird-60.3.0-74.2.x86_64",
"product_id": "MozillaThunderbird-60.3.0-74.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"product": {
"name": "MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"product_id": "MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"product": {
"name": "MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"product_id": "MozillaThunderbird-translations-common-60.3.0-74.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-60.3.0-74.2.x86_64",
"product": {
"name": "MozillaThunderbird-translations-other-60.3.0-74.2.x86_64",
"product_id": "MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12",
"product": {
"name": "SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-60.3.0-74.2.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64"
},
"product_reference": "MozillaThunderbird-60.3.0-74.2.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64"
},
"product_reference": "MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64"
},
"product_reference": "MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
},
"product_reference": "MozillaThunderbird-translations-other-60.3.0-74.2.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-16541",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16541"
}
],
"notes": [
{
"category": "general",
"text": "Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16541",
"url": "https://www.suse.com/security/cve/CVE-2017-16541"
},
{
"category": "external",
"summary": "SUSE Bug 1066489 for CVE-2017-16541",
"url": "https://bugzilla.suse.com/1066489"
},
{
"category": "external",
"summary": "SUSE Bug 1107343 for CVE-2017-16541",
"url": "https://bugzilla.suse.com/1107343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "moderate"
}
],
"title": "CVE-2017-16541"
},
{
"cve": "CVE-2018-12359",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12359"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12359",
"url": "https://www.suse.com/security/cve/CVE-2018-12359"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12359",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-12359"
},
{
"cve": "CVE-2018-12360",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12360"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12360",
"url": "https://www.suse.com/security/cve/CVE-2018-12360"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12360",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-12360"
},
{
"cve": "CVE-2018-12361",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12361"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Firefox ESR \u003c 60.1, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12361",
"url": "https://www.suse.com/security/cve/CVE-2018-12361"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12361",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-12361"
},
{
"cve": "CVE-2018-12362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12362"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12362",
"url": "https://www.suse.com/security/cve/CVE-2018-12362"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12362",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-12362"
},
{
"cve": "CVE-2018-12363",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12363"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12363",
"url": "https://www.suse.com/security/cve/CVE-2018-12363"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12363",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-12363"
},
{
"cve": "CVE-2018-12364",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12364"
}
],
"notes": [
{
"category": "general",
"text": "NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12364",
"url": "https://www.suse.com/security/cve/CVE-2018-12364"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12364",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-12364"
},
{
"cve": "CVE-2018-12365",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12365"
}
],
"notes": [
{
"category": "general",
"text": "A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12365",
"url": "https://www.suse.com/security/cve/CVE-2018-12365"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12365",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-12365"
},
{
"cve": "CVE-2018-12366",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12366"
}
],
"notes": [
{
"category": "general",
"text": "An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12366",
"url": "https://www.suse.com/security/cve/CVE-2018-12366"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12366",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-12366"
},
{
"cve": "CVE-2018-12367",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12367"
}
],
"notes": [
{
"category": "general",
"text": "In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird \u003c 60, Firefox ESR \u003c 60.1, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12367",
"url": "https://www.suse.com/security/cve/CVE-2018-12367"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12367",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-12367"
},
{
"cve": "CVE-2018-12371",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12371"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR \u003c 60.1, Thunderbird \u003c 60, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12371",
"url": "https://www.suse.com/security/cve/CVE-2018-12371"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12371",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-12371"
},
{
"cve": "CVE-2018-12376",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12376"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 62, Firefox ESR \u003c 60.2, and Thunderbird \u003c 60.2.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12376",
"url": "https://www.suse.com/security/cve/CVE-2018-12376"
},
{
"category": "external",
"summary": "SUSE Bug 1107343 for CVE-2018-12376",
"url": "https://bugzilla.suse.com/1107343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "moderate"
}
],
"title": "CVE-2018-12376"
},
{
"cve": "CVE-2018-12377",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12377"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 62, Firefox ESR \u003c 60.2, and Thunderbird \u003c 60.2.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12377",
"url": "https://www.suse.com/security/cve/CVE-2018-12377"
},
{
"category": "external",
"summary": "SUSE Bug 1107343 for CVE-2018-12377",
"url": "https://bugzilla.suse.com/1107343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "moderate"
}
],
"title": "CVE-2018-12377"
},
{
"cve": "CVE-2018-12378",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12378"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 62, Firefox ESR \u003c 60.2, and Thunderbird \u003c 60.2.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12378",
"url": "https://www.suse.com/security/cve/CVE-2018-12378"
},
{
"category": "external",
"summary": "SUSE Bug 1107343 for CVE-2018-12378",
"url": "https://bugzilla.suse.com/1107343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "moderate"
}
],
"title": "CVE-2018-12378"
},
{
"cve": "CVE-2018-12383",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12383"
}
],
"notes": [
{
"category": "general",
"text": "If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox \u003c 62, Firefox ESR \u003c 60.2.1, and Thunderbird \u003c 60.2.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12383",
"url": "https://www.suse.com/security/cve/CVE-2018-12383"
},
{
"category": "external",
"summary": "SUSE Bug 1107343 for CVE-2018-12383",
"url": "https://bugzilla.suse.com/1107343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "moderate"
}
],
"title": "CVE-2018-12383"
},
{
"cve": "CVE-2018-12385",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12385"
}
],
"notes": [
{
"category": "general",
"text": "A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird \u003c 60.2.1, Firefox ESR \u003c 60.2.1, and Firefox \u003c 62.0.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12385",
"url": "https://www.suse.com/security/cve/CVE-2018-12385"
},
{
"category": "external",
"summary": "SUSE Bug 1109363 for CVE-2018-12385",
"url": "https://bugzilla.suse.com/1109363"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "moderate"
}
],
"title": "CVE-2018-12385"
},
{
"cve": "CVE-2018-12389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12389"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 60.3 and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12389",
"url": "https://www.suse.com/security/cve/CVE-2018-12389"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12389",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-12389"
},
{
"cve": "CVE-2018-12390",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12390"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12390",
"url": "https://www.suse.com/security/cve/CVE-2018-12390"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12390",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-12390"
},
{
"cve": "CVE-2018-12391",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12391"
}
],
"notes": [
{
"category": "general",
"text": "During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12391",
"url": "https://www.suse.com/security/cve/CVE-2018-12391"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12391",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-12391"
},
{
"cve": "CVE-2018-12392",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12392"
}
],
"notes": [
{
"category": "general",
"text": "When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12392",
"url": "https://www.suse.com/security/cve/CVE-2018-12392"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12392",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-12392"
},
{
"cve": "CVE-2018-12393",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12393"
}
],
"notes": [
{
"category": "general",
"text": "A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12393",
"url": "https://www.suse.com/security/cve/CVE-2018-12393"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12393",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-12393"
},
{
"cve": "CVE-2018-16541",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16541"
}
],
"notes": [
{
"category": "general",
"text": "In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16541",
"url": "https://www.suse.com/security/cve/CVE-2018-16541"
},
{
"category": "external",
"summary": "SUSE Bug 1107421 for CVE-2018-16541",
"url": "https://bugzilla.suse.com/1107421"
},
{
"category": "external",
"summary": "SUSE Bug 1108027 for CVE-2018-16541",
"url": "https://bugzilla.suse.com/1108027"
},
{
"category": "external",
"summary": "SUSE Bug 1109105 for CVE-2018-16541",
"url": "https://bugzilla.suse.com/1109105"
},
{
"category": "external",
"summary": "SUSE Bug 1111479 for CVE-2018-16541",
"url": "https://bugzilla.suse.com/1111479"
},
{
"category": "external",
"summary": "SUSE Bug 1111480 for CVE-2018-16541",
"url": "https://bugzilla.suse.com/1111480"
},
{
"category": "external",
"summary": "SUSE Bug 1112229 for CVE-2018-16541",
"url": "https://bugzilla.suse.com/1112229"
},
{
"category": "external",
"summary": "SUSE Bug 1117022 for CVE-2018-16541",
"url": "https://bugzilla.suse.com/1117022"
},
{
"category": "external",
"summary": "SUSE Bug 1118455 for CVE-2018-16541",
"url": "https://bugzilla.suse.com/1118455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "moderate"
}
],
"title": "CVE-2018-16541"
},
{
"cve": "CVE-2018-5156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5156"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5156",
"url": "https://www.suse.com/security/cve/CVE-2018-5156"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-5156",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-5156"
},
{
"cve": "CVE-2018-5187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5187"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 60, Firefox ESR \u003c 60.1, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5187",
"url": "https://www.suse.com/security/cve/CVE-2018-5187"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-5187",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-5187"
},
{
"cve": "CVE-2018-5188",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5188"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5188",
"url": "https://www.suse.com/security/cve/CVE-2018-5188"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-5188",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-5188"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…