Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-12379

Опубликовано: 05 сент. 2018
Источник: redhat
CVSS3: 7.8
EPSS Низкий

Описание

When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.

Отчет

This flaw cannot be exploited through email in Thunderbird as scripting is disabled in this for email content. It may be possible to exploit through Feeds (Atom or RSS) or other browser-like contexts.

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=1625528Mozilla: Out-of-bounds write with malicious MAR file

EPSS

Процентиль: 15%
0.0005
Низкий

7.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-12379

CVSS3: 7.8
ubuntu
почти 7 лет назад

When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.

nvd логотип

CVE-2018-12379

CVSS3: 7.8
nvd
почти 7 лет назад

When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.

debian логотип

CVE-2018-12379

CVSS3: 7.8
debian
почти 7 лет назад

When the Mozilla Updater opens a MAR format file which contains a very ...

github логотип

GHSA-77mg-phf5-3h8g

CVSS3: 7.8
github
около 3 лет назад

When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.

fstec логотип

BDU:2019-04296

CVSS3: 7.8
fstec
почти 7 лет назад

Уязвимость браузеров Firefox, Firefox ESR, почтового клиента Thunderbird, связанная с записью за границы буфера памяти, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 15%
0.0005
Низкий

7.8 High

CVSS3