Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-18335 (GCVE-0-2018-18335)
Vulnerability from cvelistv5 – Published: 2018-12-11 15:00 – Updated: 2024-08-05 11:08
VLAI
EPSS
Summary
Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity
No CVSS data available.
CWE
- Heap buffer overflow
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://chromereleases.googleblog.com/2018/12/sta… | x_refsource_CONFIRM |
| https://crbug.com/895362 | x_refsource_MISC |
| https://access.redhat.com/errata/RHSA-2018:3803 | vendor-advisoryx_refsource_REDHAT |
| https://www.debian.org/security/2018/dsa-4352 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securityfocus.com/bid/106084 | vdb-entryx_refsource_BID |
| https://security.gentoo.org/glsa/201904-07 | vendor-advisoryx_refsource_GENTOO |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://security.gentoo.org/glsa/201908-18 | vendor-advisoryx_refsource_GENTOO |
Impacted products
Date Public
2018-12-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/895362"
},
{
"name": "RHSA-2018:3803",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3803"
},
{
"name": "DSA-4352",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4352"
},
{
"name": "106084",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106084"
},
{
"name": "GLSA-201904-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201904-07"
},
{
"name": "openSUSE-SU-2019:1162",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html"
},
{
"name": "GLSA-201908-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201908-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "71.0.3578.80",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-12-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-17T20:06:08.000Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/895362"
},
{
"name": "RHSA-2018:3803",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3803"
},
{
"name": "DSA-4352",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4352"
},
{
"name": "106084",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106084"
},
{
"name": "GLSA-201904-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201904-07"
},
{
"name": "openSUSE-SU-2019:1162",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html"
},
{
"name": "GLSA-201908-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201908-18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-18335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "71.0.3578.80"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/895362",
"refsource": "MISC",
"url": "https://crbug.com/895362"
},
{
"name": "RHSA-2018:3803",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3803"
},
{
"name": "DSA-4352",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4352"
},
{
"name": "106084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106084"
},
{
"name": "GLSA-201904-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201904-07"
},
{
"name": "openSUSE-SU-2019:1162",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html"
},
{
"name": "GLSA-201908-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2018-18335",
"datePublished": "2018-12-11T15:00:00.000Z",
"dateReserved": "2018-10-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:08:21.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-18335",
"date": "2026-05-30",
"epss": "0.04343",
"percentile": "0.89101"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-18335\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2018-12-11T16:29:00.747\",\"lastModified\":\"2024-11-21T03:55:44.230\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en Skia en Google Chrome, en versiones anteriores a la 71.0.3578.80, permite que un atacante remoto explote la corrupci\u00f3n de la memoria din\u00e1mica (heap) mediante una p\u00e1gina HTML manipulada.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"71.0.3578.80\",\"matchCriteriaId\":\"CEC84646-AE0E-403B-903F-35E2D073FDC9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.securityfocus.com/bid/106084\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3803\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://crbug.com/895362\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://security.gentoo.org/glsa/201904-07\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://security.gentoo.org/glsa/201908-18\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://www.debian.org/security/2018/dsa-4352\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/106084\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3803\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://crbug.com/895362\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201904-07\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201908-18\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2018/dsa-4352\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Title
Уязвимость графической библиотеки Skia браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость графической библиотеки Skia браузера Google Chrome вызвана переполнением буфера в «куче». Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код или вызвать отказ в обслуживании с помощью специально сформированной веб-страницы
Severity
Vendor
АО «ИВК», Novell Inc., Google Inc, ООО «РусБИТех-Астра»
Software Name
Альт Линукс СПТ (запись в едином реестре российских программ №9), OpenSUSE Leap, Google Chrome, Astra Linux Special Edition (запись в едином реестре российских программ №369), Альт 8 СП Рабочая станция
Software Version
7.0 (Альт Линукс СПТ), 42.3 (OpenSUSE Leap), до 71.0.3578.80 (Google Chrome), 1.6 «Смоленск» (Astra Linux Special Edition), - (Альт 8 СП Рабочая станция), 15.0 (OpenSUSE Leap)
Possible Mitigations
Для chromium-browser:
Обновление программного обеспечения до 71.0.3578.80-1~deb9u1 или более поздней версии
Для OpenSUSE:
https://www.suse.com/security/cve/CVE-2018-18335/
Для Astra Linux:
Обновление программного обеспечения (пакета chromium-browser) до 71.0.3578.80-1~deb9u1 или более поздней версии
Для продуктов Альт Линукс:
https://cve.basealt.ru/
Reference
https://www.securitylab.ru/vulnerability/496829.php
https://www.cybersecurity-help.cz/vdb/SB2018120506?affChecked=1
https://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186
CWE
CWE-122
{
"CVSS 2.0": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, Novell Inc., Google Inc, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.0 (\u0410\u043b\u044c\u0442 \u041b\u0438\u043d\u0443\u043a\u0441 \u0421\u041f\u0422), 42.3 (OpenSUSE Leap), \u0434\u043e 71.0.3578.80 (Google Chrome), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f \u0420\u0430\u0431\u043e\u0447\u0430\u044f \u0441\u0442\u0430\u043d\u0446\u0438\u044f), 15.0 (OpenSUSE Leap)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f chromium-browser:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 71.0.3578.80-1~deb9u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f OpenSUSE:\nhttps://www.suse.com/security/cve/CVE-2018-18335/\n\n\u0414\u043b\u044f Astra Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 chromium-browser) \u0434\u043e 71.0.3578.80-1~deb9u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 \u0410\u043b\u044c\u0442 \u041b\u0438\u043d\u0443\u043a\u0441:\nhttps://cve.basealt.ru/",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "05.12.2018",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "27.12.2018",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2018-01609",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-18335",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0410\u043b\u044c\u0442 \u041b\u0438\u043d\u0443\u043a\u0441 \u0421\u041f\u0422 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21169), OpenSUSE Leap, Google Chrome, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u043b\u044c\u0442 8 \u0421\u041f \u0420\u0430\u0431\u043e\u0447\u0430\u044f \u0441\u0442\u0430\u043d\u0446\u0438\u044f",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 \u041b\u0438\u043d\u0443\u043a\u0441 \u0421\u041f\u0422 7.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21169), Novell Inc. OpenSUSE Leap 42.3 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f \u0420\u0430\u0431\u043e\u0447\u0430\u044f \u0441\u0442\u0430\u043d\u0446\u0438\u044f - , Novell Inc. OpenSUSE Leap 15.0 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Skia \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-122)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Skia \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u00ab\u043a\u0443\u0447\u0435\u00bb. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.securitylab.ru/vulnerability/496829.php\nhttps://www.cybersecurity-help.cz/vdb/SB2018120506?affChecked=1\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-122",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,3)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
CERTFR-2018-AVI-585
Vulnerability from certfr_avis - Published: 2018-12-05 - Updated: 2018-12-05
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Chrome toutes versions ant\u00e9rieures \u00e0 71.0.3578.80",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-18352",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18352"
},
{
"name": "CVE-2018-18340",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18340"
},
{
"name": "CVE-2018-18359",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18359"
},
{
"name": "CVE-2018-18341",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18341"
},
{
"name": "CVE-2018-18348",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18348"
},
{
"name": "CVE-2018-18346",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18346"
},
{
"name": "CVE-2018-18357",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18357"
},
{
"name": "CVE-2018-18347",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18347"
},
{
"name": "CVE-2018-17480",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17480"
},
{
"name": "CVE-2018-18338",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18338"
},
{
"name": "CVE-2018-18349",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18349"
},
{
"name": "CVE-2018-18335",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18335"
},
{
"name": "CVE-2018-17481",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17481"
},
{
"name": "CVE-2018-18342",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18342"
},
{
"name": "CVE-2018-18351",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18351"
},
{
"name": "CVE-2018-18337",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18337"
},
{
"name": "CVE-2018-18358",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18358"
},
{
"name": "CVE-2018-18336",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18336"
},
{
"name": "CVE-2018-18344",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18344"
},
{
"name": "CVE-2018-18339",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18339"
},
{
"name": "CVE-2018-18356",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18356"
},
{
"name": "CVE-2018-18355",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18355"
},
{
"name": "CVE-2018-18354",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18354"
},
{
"name": "CVE-2018-18343",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18343"
},
{
"name": "CVE-2018-18353",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18353"
},
{
"name": "CVE-2018-18350",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18350"
},
{
"name": "CVE-2018-18345",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18345"
}
],
"initial_release_date": "2018-12-05T00:00:00",
"last_revision_date": "2018-12-05T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-585",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-12-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google du 4 d\u00e9cembre 2018",
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html?utm_source=feedburner\u0026utm_medium=feed\u0026utm_campaign=Feed%3A+GoogleChromeReleases+%28Google+Chrome+Releases%29"
}
]
}
CERTFR-2019-AVI-058
Vulnerability from certfr_avis - Published: 2019-02-13 - Updated: 2019-02-14
De multiples vulnérabilités ont été découvertes dans Mozilla Firefox. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox versions ant\u00e9rieures \u00e0 65.0.1",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 60.5.1",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-18511",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18511"
},
{
"name": "CVE-2018-18335",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18335"
},
{
"name": "CVE-2018-18356",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18356"
},
{
"name": "CVE-2019-5785",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5785"
}
],
"initial_release_date": "2019-02-13T00:00:00",
"last_revision_date": "2019-02-14T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-05\u00a0du 12 f\u00e9vrier 2019",
"url": "http://www.mozilla.org/en-US/security/advisories/mfsa2019-05/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-04\u00a0du 12 f\u00e9vrier 2019",
"url": "http://www.mozilla.org/en-US/security/advisories/mfsa2019-04/"
}
],
"reference": "CERTFR-2019-AVI-058",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-02-13T00:00:00.000000"
},
{
"description": "Correction du num\u00e9ro de version de Firefox ESR",
"revision_date": "2019-02-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-05 du 12 f\u00e9vrier 2019",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-04 du 12 f\u00e9vrier 2019",
"url": null
}
]
}
CERTFR-2019-AVI-068
Vulnerability from certfr_avis - Published: 2019-02-15 - Updated: 2019-02-15
De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Thunderbird | Thunderbird versions antérieures à 60.5.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 60.5.1",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-18335",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18335"
},
{
"name": "CVE-2018-18356",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18356"
},
{
"name": "CVE-2019-5785",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5785"
},
{
"name": "CVE-2018-18509",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18509"
}
],
"initial_release_date": "2019-02-15T00:00:00",
"last_revision_date": "2019-02-15T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-068",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-02-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-06 du 14 f\u00e9vrier 2019",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/"
}
]
}
Title
Google Chrome Skia缓冲区溢出漏洞(CNVD-2019-01585)
Description
Google Chrome是美国谷歌(Google)公司开发的一款Web浏览器。Skia是其中的一个开放源码的2D图形库,能够提供可在各种硬件和软件平台上工作的常见API。
Google Chrome 71.0.3578.80之前版本中的Skia存在缓冲区溢出漏洞。远程攻击者可借助特制的HTML页面利用该漏洞造成堆损坏。
Severity
中
Patch Name
Google Chrome Skia缓冲区溢出漏洞(CNVD-2019-01585)的补丁
Patch Description
Google Chrome是美国谷歌(Google)公司开发的一款Web浏览器。Skia是其中的一个开放源码的2D图形库,能够提供可在各种硬件和软件平台上工作的常见API。
Google Chrome 71.0.3578.80之前版本中的Skia存在缓冲区溢出漏洞。远程攻击者可借助特制的HTML页面利用该漏洞造成堆损坏。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://chromereleases.googleblog.com/
Reference
https://chromereleases.googleblog.com/
https://www.securityfocus.com/bid/106084
Impacted products
| Name | Google Chrome <71.0.3578.80 |
|---|
{
"cves": {
"cve": [
{
"cveNumber": "CVE-2018-18335",
"cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18335"
},
{
"cveNumber": "106084"
}
]
},
"description": "Google Chrome\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002Skia\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5f00\u653e\u6e90\u7801\u76842D\u56fe\u5f62\u5e93\uff0c\u80fd\u591f\u63d0\u4f9b\u53ef\u5728\u5404\u79cd\u786c\u4ef6\u548c\u8f6f\u4ef6\u5e73\u53f0\u4e0a\u5de5\u4f5c\u7684\u5e38\u89c1API\u3002\n\nGoogle Chrome 71.0.3578.80\u4e4b\u524d\u7248\u672c\u4e2d\u7684Skia\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684HTML\u9875\u9762\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u5806\u635f\u574f\u3002",
"discovererName": "Guang Gong of Alpha Team, Qihoo 360 via Tianfu Cup, Anonymous, Huyna at Viettel Cyber Security, cloudfuzzer, Zhe Jin,Luyao Liu from Chengdu Security Response Center of Qihoo 360 Technology, Tran Tien Hung (@hungtt28) of Viettel Cyber Security, Jann Horn of",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5:\r\nhttps://chromereleases.googleblog.com/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-01585",
"openTime": "2019-01-11",
"patchDescription": "Google Chrome\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002Skia\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5f00\u653e\u6e90\u7801\u76842D\u56fe\u5f62\u5e93\uff0c\u80fd\u591f\u63d0\u4f9b\u53ef\u5728\u5404\u79cd\u786c\u4ef6\u548c\u8f6f\u4ef6\u5e73\u53f0\u4e0a\u5de5\u4f5c\u7684\u5e38\u89c1API\u3002\r\n\r\nGoogle Chrome 71.0.3578.80\u4e4b\u524d\u7248\u672c\u4e2d\u7684Skia\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684HTML\u9875\u9762\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u5806\u635f\u574f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Google Chrome Skia\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2019-01585\uff09\u7684\u8865\u4e01",
"products": {
"product": "Google Chrome \u003c71.0.3578.80"
},
"referenceLink": "https://chromereleases.googleblog.com/\r\nhttps://www.securityfocus.com/bid/106084",
"serverity": "\u4e2d",
"submitTime": "2018-12-06",
"title": "Google Chrome Skia\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2019-01585\uff09"
}
FKIE_CVE-2018-18335
Vulnerability from fkie_nvd - Published: 2018-12-11 16:29 - Updated: 2024-11-21 03:55
Severity
Summary
Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chrome | * | ||
| redhat | enterprise_linux_desktop | 6.0 | |
| redhat | enterprise_linux_server | 6.0 | |
| redhat | enterprise_linux_workstation | 6.0 | |
| debian | debian_linux | 9.0 | |
| opensuse | leap | 15.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEC84646-AE0E-403B-903F-35E2D073FDC9",
"versionEndExcluding": "71.0.3578.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en Skia en Google Chrome, en versiones anteriores a la 71.0.3578.80, permite que un atacante remoto explote la corrupci\u00f3n de la memoria din\u00e1mica (heap) mediante una p\u00e1gina HTML manipulada."
}
],
"id": "CVE-2018-18335",
"lastModified": "2024-11-21T03:55:44.230",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-11T16:29:00.747",
"references": [
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.securityfocus.com/bid/106084"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://access.redhat.com/errata/RHSA-2018:3803"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://crbug.com/895362"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://security.gentoo.org/glsa/201904-07"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://security.gentoo.org/glsa/201908-18"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://www.debian.org/security/2018/dsa-4352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/106084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2018:3803"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://crbug.com/895362"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201904-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201908-18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2018/dsa-4352"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-Q7M5-388Q-5JGJ
Vulnerability from github – Published: 2022-05-13 01:19 – Updated: 2022-05-13 01:19
VLAI
Details
Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2018-18335"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-11T16:29:00Z",
"severity": "HIGH"
},
"details": "Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-q7m5-388q-5jgj",
"modified": "2022-05-13T01:19:34Z",
"published": "2022-05-13T01:19:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18335"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3803"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/895362"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201904-07"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201908-18"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4352"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106084"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2018-18335
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-18335",
"description": "Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GSD-2018-18335",
"references": [
"https://www.suse.com/security/cve/CVE-2018-18335.html",
"https://www.debian.org/security/2018/dsa-4352",
"https://access.redhat.com/errata/RHSA-2018:3803",
"https://advisories.mageia.org/CVE-2018-18335.html",
"https://security.archlinux.org/CVE-2018-18335"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-18335"
],
"details": "Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GSD-2018-18335",
"modified": "2023-12-13T01:22:36.033580Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-18335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "71.0.3578.80"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/895362",
"refsource": "MISC",
"url": "https://crbug.com/895362"
},
{
"name": "RHSA-2018:3803",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3803"
},
{
"name": "DSA-4352",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4352"
},
{
"name": "106084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106084"
},
{
"name": "GLSA-201904-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201904-07"
},
{
"name": "openSUSE-SU-2019:1162",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html"
},
{
"name": "GLSA-201908-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-18"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "71.0.3578.80",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-18335"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/895362",
"refsource": "MISC",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://crbug.com/895362"
},
{
"name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
},
{
"name": "DSA-4352",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4352"
},
{
"name": "RHSA-2018:3803",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3803"
},
{
"name": "106084",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106084"
},
{
"name": "GLSA-201904-07",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201904-07"
},
{
"name": "openSUSE-SU-2019:1162",
"refsource": "SUSE",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html"
},
{
"name": "GLSA-201908-18",
"refsource": "GENTOO",
"tags": [],
"url": "https://security.gentoo.org/glsa/201908-18"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2020-08-24T17:37Z",
"publishedDate": "2018-12-11T16:29Z"
}
}
}
OPENSUSE-SU-2018:4143-1
Vulnerability from csaf_opensuse - Published: 2018-12-15 09:27 - Updated: 2018-12-15 09:27Summary
Security update for Chromium
Severity
Important
Notes
Title of the patch: Security update for Chromium
Description of the patch: This update to Chromium 71.0.3578.98 fixes the following issues:
Security issues fixed (boo#1118529):
- CVE-2018-17480: Out of bounds write in V8
- CVE-2018-17481: Use after frees in PDFium
- CVE-2018-18335: Heap buffer overflow in Skia
- CVE-2018-18336: Use after free in PDFium
- CVE-2018-18337: Use after free in Blink
- CVE-2018-18338: Heap buffer overflow in Canvas
- CVE-2018-18339: Use after free in WebAudio
- CVE-2018-18340: Use after free in MediaRecorder
- CVE-2018-18341: Heap buffer overflow in Blink
- CVE-2018-18342: Out of bounds write in V8
- CVE-2018-18343: Use after free in Skia
- CVE-2018-18344: Inappropriate implementation in Extensions
- Multiple issues in SQLite via WebSQL
- CVE-2018-18345: Inappropriate implementation in Site Isolation
- CVE-2018-18346: Incorrect security UI in Blink
- CVE-2018-18347: Inappropriate implementation in Navigation
- CVE-2018-18348: Inappropriate implementation in Omnibox
- CVE-2018-18349: Insufficient policy enforcement in Blink
- CVE-2018-18350: Insufficient policy enforcement in Blink
- CVE-2018-18351: Insufficient policy enforcement in Navigation
- CVE-2018-18352: Inappropriate implementation in Media
- CVE-2018-18353: Inappropriate implementation in Network Authentication
- CVE-2018-18354: Insufficient data validation in Shell Integration
- CVE-2018-18355: Insufficient policy enforcement in URL Formatter
- CVE-2018-18356: Use after free in Skia
- CVE-2018-18357: Insufficient policy enforcement in URL Formatter
- CVE-2018-18358: Insufficient policy enforcement in Proxy
- CVE-2018-18359: Out of bounds read in V8
- Inappropriate implementation in PDFium
- Use after free in Extensions
- Inappropriate implementation in Navigation
- Insufficient policy enforcement in Navigation
- Insufficient policy enforcement in URL Formatter
- Various fixes from internal audits, fuzzing and other initiatives
- CVE-2018-17481: Use after free in PDFium (boo#1119364)
The following changes are included:
- advertisements posing as error messages are now blocked
- Automatic playing of content at page load mostly disabled
- New JavaScript API for relative time display
Patchnames: openSUSE-2018-1558
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.7 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
115 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for Chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update to Chromium 71.0.3578.98 fixes the following issues:\n\nSecurity issues fixed (boo#1118529):\n\n- CVE-2018-17480: Out of bounds write in V8\n- CVE-2018-17481: Use after frees in PDFium\n- CVE-2018-18335: Heap buffer overflow in Skia\n- CVE-2018-18336: Use after free in PDFium\n- CVE-2018-18337: Use after free in Blink\n- CVE-2018-18338: Heap buffer overflow in Canvas\n- CVE-2018-18339: Use after free in WebAudio\n- CVE-2018-18340: Use after free in MediaRecorder\n- CVE-2018-18341: Heap buffer overflow in Blink\n- CVE-2018-18342: Out of bounds write in V8\n- CVE-2018-18343: Use after free in Skia\n- CVE-2018-18344: Inappropriate implementation in Extensions\n- Multiple issues in SQLite via WebSQL\n- CVE-2018-18345: Inappropriate implementation in Site Isolation\n- CVE-2018-18346: Incorrect security UI in Blink\n- CVE-2018-18347: Inappropriate implementation in Navigation\n- CVE-2018-18348: Inappropriate implementation in Omnibox\n- CVE-2018-18349: Insufficient policy enforcement in Blink\n- CVE-2018-18350: Insufficient policy enforcement in Blink\n- CVE-2018-18351: Insufficient policy enforcement in Navigation\n- CVE-2018-18352: Inappropriate implementation in Media\n- CVE-2018-18353: Inappropriate implementation in Network Authentication\n- CVE-2018-18354: Insufficient data validation in Shell Integration\n- CVE-2018-18355: Insufficient policy enforcement in URL Formatter\n- CVE-2018-18356: Use after free in Skia\n- CVE-2018-18357: Insufficient policy enforcement in URL Formatter\n- CVE-2018-18358: Insufficient policy enforcement in Proxy\n- CVE-2018-18359: Out of bounds read in V8\n- Inappropriate implementation in PDFium\n- Use after free in Extensions\n- Inappropriate implementation in Navigation\n- Insufficient policy enforcement in Navigation\n- Insufficient policy enforcement in URL Formatter\n- Various fixes from internal audits, fuzzing and other initiatives\n- CVE-2018-17481: Use after free in PDFium (boo#1119364)\n\nThe following changes are included:\n\n- advertisements posing as error messages are now blocked\n- Automatic playing of content at page load mostly disabled\n- New JavaScript API for relative time display\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2018-1558",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2018_4143-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2018:4143-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PWE5NUKJ4YIN5BIHKKSD55F2QU6JUG46/#PWE5NUKJ4YIN5BIHKKSD55F2QU6JUG46"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2018:4143-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PWE5NUKJ4YIN5BIHKKSD55F2QU6JUG46/#PWE5NUKJ4YIN5BIHKKSD55F2QU6JUG46"
},
{
"category": "self",
"summary": "SUSE Bug 1118529",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "self",
"summary": "SUSE Bug 1119364",
"url": "https://bugzilla.suse.com/1119364"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17480 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17480/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17481 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17481/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18335 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18335/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18336 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18336/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18337 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18337/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18338 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18339 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18339/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18340 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18340/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18341 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18341/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18342 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18342/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18343 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18344 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18344/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18345 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18345/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18346 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18346/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18347 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18347/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18348 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18348/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18349 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18349/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18350 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18350/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18351 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18351/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18352 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18352/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18353 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18353/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18354 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18354/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18355 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18355/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18356 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18356/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18357 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18357/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18358 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18358/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18359 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18359/"
}
],
"title": "Security update for Chromium",
"tracking": {
"current_release_date": "2018-12-15T09:27:33Z",
"generator": {
"date": "2018-12-15T09:27:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2018:4143-1",
"initial_release_date": "2018-12-15T09:27:33Z",
"revision_history": [
{
"date": "2018-12-15T09:27:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-71.0.3578.98-80.1.x86_64",
"product": {
"name": "chromedriver-71.0.3578.98-80.1.x86_64",
"product_id": "chromedriver-71.0.3578.98-80.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-71.0.3578.98-80.1.x86_64",
"product": {
"name": "chromium-71.0.3578.98-80.1.x86_64",
"product_id": "chromium-71.0.3578.98-80.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12 SP2",
"product": {
"name": "SUSE Package Hub 12 SP2",
"product_id": "SUSE Package Hub 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-71.0.3578.98-80.1.x86_64 as component of SUSE Package Hub 12 SP2",
"product_id": "SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64"
},
"product_reference": "chromedriver-71.0.3578.98-80.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-71.0.3578.98-80.1.x86_64 as component of SUSE Package Hub 12 SP2",
"product_id": "SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
},
"product_reference": "chromium-71.0.3578.98-80.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-17480",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17480"
}
],
"notes": [
{
"category": "general",
"text": "Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17480",
"url": "https://www.suse.com/security/cve/CVE-2018-17480"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-17480",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-17480",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-17480"
},
{
"cve": "CVE-2018-17481",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17481"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17481",
"url": "https://www.suse.com/security/cve/CVE-2018-17481"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-17481",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1119364 for CVE-2018-17481",
"url": "https://bugzilla.suse.com/1119364"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-17481",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-17481"
},
{
"cve": "CVE-2018-18335",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18335"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18335",
"url": "https://www.suse.com/security/cve/CVE-2018-18335"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18335",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18335",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18335"
},
{
"cve": "CVE-2018-18336",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18336"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18336",
"url": "https://www.suse.com/security/cve/CVE-2018-18336"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18336",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18336",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18336"
},
{
"cve": "CVE-2018-18337",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18337"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18337",
"url": "https://www.suse.com/security/cve/CVE-2018-18337"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18337",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18337",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18337"
},
{
"cve": "CVE-2018-18338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18338"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18338",
"url": "https://www.suse.com/security/cve/CVE-2018-18338"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18338",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18338",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18338"
},
{
"cve": "CVE-2018-18339",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18339"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18339",
"url": "https://www.suse.com/security/cve/CVE-2018-18339"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18339",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18339",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18339"
},
{
"cve": "CVE-2018-18340",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18340"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18340",
"url": "https://www.suse.com/security/cve/CVE-2018-18340"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18340",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18340",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18340"
},
{
"cve": "CVE-2018-18341",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18341"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18341",
"url": "https://www.suse.com/security/cve/CVE-2018-18341"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18341",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18341",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18341"
},
{
"cve": "CVE-2018-18342",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18342"
}
],
"notes": [
{
"category": "general",
"text": "Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18342",
"url": "https://www.suse.com/security/cve/CVE-2018-18342"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18342",
"url": "https://bugzilla.suse.com/1118529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18342"
},
{
"cve": "CVE-2018-18343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18343"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18343",
"url": "https://www.suse.com/security/cve/CVE-2018-18343"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18343",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18343",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18343"
},
{
"cve": "CVE-2018-18344",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18344"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18344",
"url": "https://www.suse.com/security/cve/CVE-2018-18344"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18344",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18344",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18344"
},
{
"cve": "CVE-2018-18345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18345"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18345",
"url": "https://www.suse.com/security/cve/CVE-2018-18345"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18345",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18345",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18345"
},
{
"cve": "CVE-2018-18346",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18346"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18346",
"url": "https://www.suse.com/security/cve/CVE-2018-18346"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18346",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18346",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18346"
},
{
"cve": "CVE-2018-18347",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18347"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18347",
"url": "https://www.suse.com/security/cve/CVE-2018-18347"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18347",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18347",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18347"
},
{
"cve": "CVE-2018-18348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18348"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18348",
"url": "https://www.suse.com/security/cve/CVE-2018-18348"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18348",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18348",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18348"
},
{
"cve": "CVE-2018-18349",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18349"
}
],
"notes": [
{
"category": "general",
"text": "Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18349",
"url": "https://www.suse.com/security/cve/CVE-2018-18349"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18349",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18349",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18349"
},
{
"cve": "CVE-2018-18350",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18350"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18350",
"url": "https://www.suse.com/security/cve/CVE-2018-18350"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18350",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18350",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18350"
},
{
"cve": "CVE-2018-18351",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18351"
}
],
"notes": [
{
"category": "general",
"text": "Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18351",
"url": "https://www.suse.com/security/cve/CVE-2018-18351"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18351",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18351",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18351"
},
{
"cve": "CVE-2018-18352",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18352"
}
],
"notes": [
{
"category": "general",
"text": "Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18352",
"url": "https://www.suse.com/security/cve/CVE-2018-18352"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18352",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18352",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18352"
},
{
"cve": "CVE-2018-18353",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18353"
}
],
"notes": [
{
"category": "general",
"text": "Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18353",
"url": "https://www.suse.com/security/cve/CVE-2018-18353"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18353",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18353",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18353"
},
{
"cve": "CVE-2018-18354",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18354"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18354",
"url": "https://www.suse.com/security/cve/CVE-2018-18354"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18354",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18354",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18354"
},
{
"cve": "CVE-2018-18355",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18355"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18355",
"url": "https://www.suse.com/security/cve/CVE-2018-18355"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18355",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18355",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18355"
},
{
"cve": "CVE-2018-18356",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18356"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18356",
"url": "https://www.suse.com/security/cve/CVE-2018-18356"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18356",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18356",
"url": "https://bugzilla.suse.com/1125330"
},
{
"category": "external",
"summary": "SUSE Bug 1125396 for CVE-2018-18356",
"url": "https://bugzilla.suse.com/1125396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18356"
},
{
"cve": "CVE-2018-18357",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18357"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18357",
"url": "https://www.suse.com/security/cve/CVE-2018-18357"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18357",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18357",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18357"
},
{
"cve": "CVE-2018-18358",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18358"
}
],
"notes": [
{
"category": "general",
"text": "Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18358",
"url": "https://www.suse.com/security/cve/CVE-2018-18358"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18358",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18358",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18358"
},
{
"cve": "CVE-2018-18359",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18359"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18359",
"url": "https://www.suse.com/security/cve/CVE-2018-18359"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18359",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18359",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18359"
}
]
}
OPENSUSE-SU-2019:0249-1
Vulnerability from csaf_opensuse - Published: 2019-02-26 09:44 - Updated: 2019-02-26 09:44Summary
Security update for MozillaThunderbird
Severity
Important
Notes
Title of the patch: Security update for MozillaThunderbird
Description of the patch: This update for MozillaThunderbird to version 60.5.1 fixes the following issues:
Security vulnerabilities addressed (MFSA 2019-03 MFSA 2018-31 bsc#1122983 and MFSA 2019-06 bsc#1125330):
- CVE-2018-18356: Fixed a Use-after-free in Skia.
- CVE-2019-5785: Fixed an Integer overflow in Skia.
- CVE-2018-18335: Fixed a Buffer overflow in Skia by default deactivating Canvas 2D.
This issue does not affect Linuc distributions.
- CVE-2018-18509: Fixed a flaw which during verification of certain S/MIME signatures
showing mistekenly that emails bring a valid sugnature.
- CVE-2018-18500: Use-after-free parsing HTML5 stream
- CVE-2018-18505: Privilege escalation through IPC channel messages
- CVE-2016-5824: DoS (use-after-free) via a crafted ics file
- CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
- CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with
TextureStorage11
- CVE-2018-18492: Use-after-free with select element
- CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia
- CVE-2018-18494: Same-origin policy violation using location attribute and
performance.getEntries to steal cross-origin URLs
- CVE-2018-18498: Integer overflow when calculating buffer sizes for images
- CVE-2018-12405: Memory safety bugs
Other bug fixes and changes:
* FileLink provider WeTransfer to upload large attachments
* Thunderbird now allows the addition of OpenSearch search engines
from a local XML file using a minimal user inferface: [+] button
to select a file an add, [-] to remove.
* More search engines: Google and DuckDuckGo available by default
in some locales
* During account creation, Thunderbird will now detect servers
using the Microsoft Exchange protocol. It will offer the
installation of a 3rd party add-on (Owl) which supports that
protocol.
* Thunderbird now compatible with other WebExtension-based
FileLink add-ons like the Dropbox add-on
* New WebExtensions FileLink API to facilitate add-ons
* Fix decoding problems for messages with less common charsets
(cp932, cp936)
* New messages in the drafts folder (and other special or virtual
folders) will no longer be included in the new messages
notification
* Thunderbird 60 will migrate security databases (key3.db, cert8.db
to key4.db, cert9.db). Thunderbird 60.3.2 and earlier contained a
fault that potentially deleted saved passwords and private certificate
keys for users using a master password. Version 60.3.3 will prevent
the loss of data; affected users who have already upgraded to version
60.3.2 or earlier can restore the deleted key3.db file from backup
to complete the migration.
* Address book search and auto-complete slowness introduced in
Thunderbird 60.3.2
* Plain text markup with * for bold, / for italics, _ for underline
and | for code did not work when the enclosed text contained
non-ASCII characters
* While composing a message, a link not removed when link location
was removed in the link properties panel
* Encoding problems when exporting address books or messages using
the system charset. Messages are now always exported using the
UTF-8 encoding
* If the 'Date' header of a message was invalid, Jan 1970 or Dec 1969
was displayed. Now using date from 'Received' header instead.
* Body search/filtering didn't reliably ignore content of tags
* Inappropriate warning 'Thunderbird prevented the site
(addons.thunderbird.net) from asking you to install software on
your computer' when installing add-ons
* Incorrect display of correspondents column since own email
address was not always detected
* Spurious 
 (encoded newline) inserted into drafts and sent email
* Double-clicking on a word in the Write window sometimes
launched the Advanced Property Editor or Link Properties dialog
* Fixe Cookie removal
* 'Download rest of message' was not working if global inbox was
used
* Fix Encoding problems for users (especially in Poland) when a
file was sent via a folder using 'Sent to > Mail recipient'
due to a problem in the Thunderbird MAPI interface
* According to RFC 4616 and RFC 5721, passwords containing
non-ASCII characters are encoded using UTF-8 which can lead to
problems with non-compliant providers, for example
office365.com. The SMTP LOGIN and POP3 USER/PASS
authentication methods are now using a Latin-1 encoding again
to work around this issue
* Fix shutdown crash/hang after entering an empty IMAP password
Patchnames: openSUSE-2019-249
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
72 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaThunderbird",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaThunderbird to version 60.5.1 fixes the following issues:\n\nSecurity vulnerabilities addressed (MFSA 2019-03 MFSA 2018-31 bsc#1122983 and MFSA 2019-06 bsc#1125330):\n\n- CVE-2018-18356: Fixed a Use-after-free in Skia.\n- CVE-2019-5785: Fixed an Integer overflow in Skia.\n- CVE-2018-18335: Fixed a Buffer overflow in Skia by default deactivating Canvas 2D.\n This issue does not affect Linuc distributions.\n- CVE-2018-18509: Fixed a flaw which during verification of certain S/MIME signatures\n showing mistekenly that emails bring a valid sugnature. \n- CVE-2018-18500: Use-after-free parsing HTML5 stream\n- CVE-2018-18505: Privilege escalation through IPC channel messages\n- CVE-2016-5824: DoS (use-after-free) via a crafted ics file\n- CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5\n- CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with\n TextureStorage11\n- CVE-2018-18492: Use-after-free with select element\n- CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia\n- CVE-2018-18494: Same-origin policy violation using location attribute and\n performance.getEntries to steal cross-origin URLs\n- CVE-2018-18498: Integer overflow when calculating buffer sizes for images\n- CVE-2018-12405: Memory safety bugs\n\nOther bug fixes and changes:\n\n* FileLink provider WeTransfer to upload large attachments\n* Thunderbird now allows the addition of OpenSearch search engines\n from a local XML file using a minimal user inferface: [+] button\n to select a file an add, [-] to remove.\n* More search engines: Google and DuckDuckGo available by default\n in some locales\n* During account creation, Thunderbird will now detect servers\n using the Microsoft Exchange protocol. It will offer the\n installation of a 3rd party add-on (Owl) which supports that\n protocol.\n* Thunderbird now compatible with other WebExtension-based\n FileLink add-ons like the Dropbox add-on\n* New WebExtensions FileLink API to facilitate add-ons\n* Fix decoding problems for messages with less common charsets\n (cp932, cp936)\n* New messages in the drafts folder (and other special or virtual\n folders) will no longer be included in the new messages\n notification\n* Thunderbird 60 will migrate security databases (key3.db, cert8.db\n to key4.db, cert9.db). Thunderbird 60.3.2 and earlier contained a\n fault that potentially deleted saved passwords and private certificate\n keys for users using a master password. Version 60.3.3 will prevent\n the loss of data; affected users who have already upgraded to version\n 60.3.2 or earlier can restore the deleted key3.db file from backup\n to complete the migration.\n* Address book search and auto-complete slowness introduced in\n Thunderbird 60.3.2\n* Plain text markup with * for bold, / for italics, _ for underline\n and | for code did not work when the enclosed text contained\n non-ASCII characters\n* While composing a message, a link not removed when link location\n was removed in the link properties panel\n* Encoding problems when exporting address books or messages using\n the system charset. Messages are now always exported using the\n UTF-8 encoding\n* If the \u0027Date\u0027 header of a message was invalid, Jan 1970 or Dec 1969\n was displayed. Now using date from \u0027Received\u0027 header instead.\n* Body search/filtering didn\u0027t reliably ignore content of tags\n* Inappropriate warning \u0027Thunderbird prevented the site\n (addons.thunderbird.net) from asking you to install software on\n your computer\u0027 when installing add-ons\n* Incorrect display of correspondents column since own email\n address was not always detected\n* Spurious \u0026#xA; (encoded newline) inserted into drafts and sent email\n* Double-clicking on a word in the Write window sometimes\n launched the Advanced Property Editor or Link Properties dialog\n* Fixe Cookie removal\n* \u0027Download rest of message\u0027 was not working if global inbox was\n used\n* Fix Encoding problems for users (especially in Poland) when a\n file was sent via a folder using \u0027Sent to \u003e Mail recipient\u0027\n due to a problem in the Thunderbird MAPI interface\n* According to RFC 4616 and RFC 5721, passwords containing\n non-ASCII characters are encoded using UTF-8 which can lead to\n problems with non-compliant providers, for example\n office365.com. The SMTP LOGIN and POP3 USER/PASS\n authentication methods are now using a Latin-1 encoding again\n to work around this issue\n* Fix shutdown crash/hang after entering an empty IMAP password\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-249",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_0249-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:0249-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NSXP45BAXW5ILKJSQRXHTBUOBZUKLD2F/#NSXP45BAXW5ILKJSQRXHTBUOBZUKLD2F"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:0249-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NSXP45BAXW5ILKJSQRXHTBUOBZUKLD2F/#NSXP45BAXW5ILKJSQRXHTBUOBZUKLD2F"
},
{
"category": "self",
"summary": "SUSE Bug 1122983",
"url": "https://bugzilla.suse.com/1122983"
},
{
"category": "self",
"summary": "SUSE Bug 1125330",
"url": "https://bugzilla.suse.com/1125330"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5824 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12405 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12405/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17466 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17466/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18335 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18335/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18356 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18356/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18492 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18492/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18493 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18493/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18494 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18494/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18498 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18498/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18500 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18500/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18501 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18501/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18505 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18505/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18509 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18509/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5785 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5785/"
}
],
"title": "Security update for MozillaThunderbird",
"tracking": {
"current_release_date": "2019-02-26T09:44:25Z",
"generator": {
"date": "2019-02-26T09:44:25Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:0249-1",
"initial_release_date": "2019-02-26T09:44:25Z",
"revision_history": [
{
"date": "2019-02-26T09:44:25Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-60.5.1-79.1.x86_64",
"product": {
"name": "MozillaThunderbird-60.5.1-79.1.x86_64",
"product_id": "MozillaThunderbird-60.5.1-79.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"product": {
"name": "MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"product_id": "MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"product_id": "MozillaThunderbird-translations-common-60.5.1-79.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-60.5.1-79.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-other-60.5.1-79.1.x86_64",
"product_id": "MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12",
"product": {
"name": "SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-60.5.1-79.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64"
},
"product_reference": "MozillaThunderbird-60.5.1-79.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64"
},
"product_reference": "MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-60.5.1-79.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-60.5.1-79.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-other-60.5.1-79.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-5824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5824"
}
],
"notes": [
{
"category": "general",
"text": "libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5824",
"url": "https://www.suse.com/security/cve/CVE-2016-5824"
},
{
"category": "external",
"summary": "SUSE Bug 1015964 for CVE-2016-5824",
"url": "https://bugzilla.suse.com/1015964"
},
{
"category": "external",
"summary": "SUSE Bug 1122983 for CVE-2016-5824",
"url": "https://bugzilla.suse.com/1122983"
},
{
"category": "external",
"summary": "SUSE Bug 986631 for CVE-2016-5824",
"url": "https://bugzilla.suse.com/986631"
},
{
"category": "external",
"summary": "SUSE Bug 986639 for CVE-2016-5824",
"url": "https://bugzilla.suse.com/986639"
},
{
"category": "external",
"summary": "SUSE Bug 986642 for CVE-2016-5824",
"url": "https://bugzilla.suse.com/986642"
},
{
"category": "external",
"summary": "SUSE Bug 986658 for CVE-2016-5824",
"url": "https://bugzilla.suse.com/986658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2016-5824"
},
{
"cve": "CVE-2018-12405",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12405"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12405",
"url": "https://www.suse.com/security/cve/CVE-2018-12405"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-12405",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-12405",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-12405",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2018-12405"
},
{
"cve": "CVE-2018-17466",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17466"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17466",
"url": "https://www.suse.com/security/cve/CVE-2018-17466"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17466",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17466",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-17466",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2018-17466"
},
{
"cve": "CVE-2018-18335",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18335"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18335",
"url": "https://www.suse.com/security/cve/CVE-2018-18335"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18335",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18335",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2018-18335"
},
{
"cve": "CVE-2018-18356",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18356"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18356",
"url": "https://www.suse.com/security/cve/CVE-2018-18356"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18356",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18356",
"url": "https://bugzilla.suse.com/1125330"
},
{
"category": "external",
"summary": "SUSE Bug 1125396 for CVE-2018-18356",
"url": "https://bugzilla.suse.com/1125396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2018-18356"
},
{
"cve": "CVE-2018-18492",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18492"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18492",
"url": "https://www.suse.com/security/cve/CVE-2018-18492"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-18492",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-18492",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-18492",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2018-18492"
},
{
"cve": "CVE-2018-18493",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18493"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18493",
"url": "https://www.suse.com/security/cve/CVE-2018-18493"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-18493",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-18493",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-18493",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2018-18493"
},
{
"cve": "CVE-2018-18494",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18494"
}
],
"notes": [
{
"category": "general",
"text": "A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18494",
"url": "https://www.suse.com/security/cve/CVE-2018-18494"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-18494",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-18494",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-18494",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2018-18494"
},
{
"cve": "CVE-2018-18498",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18498"
}
],
"notes": [
{
"category": "general",
"text": "A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18498",
"url": "https://www.suse.com/security/cve/CVE-2018-18498"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-18498",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-18498",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-18498",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2018-18498"
},
{
"cve": "CVE-2018-18500",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18500"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.5, Firefox ESR \u003c 60.5, and Firefox \u003c 65.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18500",
"url": "https://www.suse.com/security/cve/CVE-2018-18500"
},
{
"category": "external",
"summary": "SUSE Bug 1122983 for CVE-2018-18500",
"url": "https://bugzilla.suse.com/1122983"
},
{
"category": "external",
"summary": "SUSE Bug 986639 for CVE-2018-18500",
"url": "https://bugzilla.suse.com/986639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2018-18500"
},
{
"cve": "CVE-2018-18501",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18501"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 60.5, Firefox ESR \u003c 60.5, and Firefox \u003c 65.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18501",
"url": "https://www.suse.com/security/cve/CVE-2018-18501"
},
{
"category": "external",
"summary": "SUSE Bug 1122983 for CVE-2018-18501",
"url": "https://bugzilla.suse.com/1122983"
},
{
"category": "external",
"summary": "SUSE Bug 986639 for CVE-2018-18501",
"url": "https://bugzilla.suse.com/986639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2018-18501"
},
{
"cve": "CVE-2018-18505",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18505"
}
],
"notes": [
{
"category": "general",
"text": "An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird \u003c 60.5, Firefox ESR \u003c 60.5, and Firefox \u003c 65.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18505",
"url": "https://www.suse.com/security/cve/CVE-2018-18505"
},
{
"category": "external",
"summary": "SUSE Bug 1122983 for CVE-2018-18505",
"url": "https://bugzilla.suse.com/1122983"
},
{
"category": "external",
"summary": "SUSE Bug 986639 for CVE-2018-18505",
"url": "https://bugzilla.suse.com/986639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2018-18505"
},
{
"cve": "CVE-2018-18509",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18509"
}
],
"notes": [
{
"category": "general",
"text": "A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren\u0027t covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an email message with arbitrary content. This vulnerability affects Thunderbird \u003c 60.5.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18509",
"url": "https://www.suse.com/security/cve/CVE-2018-18509"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18509",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2018-18509"
},
{
"cve": "CVE-2019-5785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5785"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5785",
"url": "https://www.suse.com/security/cve/CVE-2019-5785"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2019-5785",
"url": "https://bugzilla.suse.com/1125330"
},
{
"category": "external",
"summary": "SUSE Bug 1125396 for CVE-2019-5785",
"url": "https://bugzilla.suse.com/1125396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2019-5785"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…