CVE-2018-12390

{"id": "CVE-2018-12390", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-02-28T18:29:00.400", "references": [{"url": "http://www.securityfocus.com/bid/105718", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@mozilla.org"}, {"url": "http://www.securityfocus.com/bid/105769", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@mozilla.org"}, {"url": "http://www.securitytracker.com/id/1041944", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@mozilla.org"}, {"url": "https://access.redhat.com/errata/RHSA-2018:3005", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "https://access.redhat.com/errata/RHSA-2018:3006", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "https://access.redhat.com/errata/RHSA-2018:3531", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "https://access.redhat.com/errata/RHSA-2018:3532", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1487098%2C1487660%2C1490234%2C1496159%2C1443748%2C1496340%2C1483905%2C1493347%2C1488803%2C1498701%2C1498482%2C1442010%2C1495245%2C1483699%2C1469486%2C1484905%2C1490561%2C1492524%2C1481844", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "https://security.gentoo.org/glsa/201811-04", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "https://security.gentoo.org/glsa/201811-13", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "https://usn.ubuntu.com/3801-1/", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "https://usn.ubuntu.com/3868-1/", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.debian.org/security/2018/dsa-4324", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.debian.org/security/2018/dsa-4337", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2018-26/", "tags": ["Patch", "Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2018-27/", "tags": ["Patch", "Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2018-28/", "tags": ["Patch", "Vendor Advisory"], "source": "security@mozilla.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3."}, {"lang": "es", "value": "Los desarrolladores de Mozilla y los miembros de la comunidad reportaron problemas de seguridad existentes en Firefox 62 y Firefox ESR 60.2. Algunos de estos errores mostraban evidencias de corrupci\u00f3n de memoria y se cree que, con el esfuerzo necesario, se podr\u00edan explotar para ejecutar c\u00f3digo arbitrario. La vulnerabilidad afecta a Firefox en versiones anteriores a la 63, Firefox ESR en versiones anteriores a la 60.3 y Thunderbird en versiones anteriores a la 60.3."}], "lastModified": "2019-03-01T19:03:24.097", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90DBD77A-A6AD-4700-BF44-845313B4E16E", "versionEndExcluding": "63.0"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22534559-54C1-4D9E-ADC6-948D417971FE", "versionEndExcluding": "60.3.0"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8C6DDE1-D17F-49AB-9521-C79D5B4618BD", "versionEndExcluding": "60.3.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}