CVE-2018-12385

Name
CVE-2018-12385
Description
A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird < 60.2.1, Firefox ESR < 60.2.1, and Firefox < 62.0.2.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Vendor Advisory https://www.mozilla.org/security/advisories/mfsa2018-25/
Vendor Advisory https://www.mozilla.org/security/advisories/mfsa2018-23/
Vendor Advisory https://www.mozilla.org/security/advisories/mfsa2018-22/
Issue Tracking https://bugzilla.mozilla.org/show_bug.cgi?id=1490585
Third Party Advisory https://www.debian.org/security/2018/dsa-4304
Third Party Advisory https://usn.ubuntu.com/3793-1/
Third Party Advisory https://usn.ubuntu.com/3778-1/
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2835
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2834
Third Party Advisory http://www.securitytracker.com/id/1041701
Third Party Advisory http://www.securitytracker.com/id/1041700
Third Party Advisory http://www.securityfocus.com/bid/105380
Third Party Advisory https://security.gentoo.org/glsa/201810-01
Third Party Advisory https://www.debian.org/security/2018/dsa-4327
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:3403
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:3458
Mailing List https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html
Third Party Advisory https://security.gentoo.org/glsa/201811-13

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:* enterprise_linux_server_eus == None == 7.6
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* enterprise_linux_workstation == None == 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* enterprise_linux_desktop == None == 7.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* enterprise_linux_server == None == 6.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* enterprise_linux_server == None == 7.0
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* enterprise_linux_server_aus == None == 7.6
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* enterprise_linux_workstation == None == 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* enterprise_linux_desktop == None == 6.0
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:* enterprise_linux_server_eus == None == 7.5
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* enterprise_linux_server_tus == None == 7.6

Vulnerable and fixed packages

Source package Branch Version Maintainer Status