Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-12393

Опубликовано: 23 окт. 2018
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. Note: 64-bit builds are not vulnerable to this issue.. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 8firefoxNot affected
Red Hat Enterprise Linux 8thunderbirdNot affected
Red Hat Enterprise Linux 6firefoxFixedRHSA-2018:300624.10.2018
Red Hat Enterprise Linux 6thunderbirdFixedRHSA-2018:353109.11.2018
Red Hat Enterprise Linux 7firefoxFixedRHSA-2018:300524.10.2018
Red Hat Enterprise Linux 7thunderbirdFixedRHSA-2018:353209.11.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-190->CWE-120
https://bugzilla.redhat.com/show_bug.cgi?id=1642183Mozilla: Integer overflow during Unicode conversion while loading JavaScript

EPSS

Процентиль: 86%
0.02845
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-12393

CVSS3: 7.5
ubuntu
больше 6 лет назад

A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.

nvd логотип

CVE-2018-12393

CVSS3: 7.5
nvd
больше 6 лет назад

A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.

debian логотип

CVE-2018-12393

CVSS3: 7.5
debian
больше 6 лет назад

A potential vulnerability was found in 32-bit builds where an integer ...

github логотип

GHSA-7372-3rg3-25vw

CVSS3: 7.5
github
около 3 лет назад

A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.

fstec логотип

BDU:2018-01442

CVSS3: 7.5
fstec
почти 7 лет назад

Уязвимость обработчика JavaScript-сценариев веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

EPSS

Процентиль: 86%
0.02845
Низкий

7.5 High

CVSS3