CVE-2018-5089

CVE-2018-5089

Name

CVE-2018-5089

Description

Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Vendor Advisory	https://www.mozilla.org/security/advisories/mfsa2018-04/
Vendor Advisory	https://www.mozilla.org/security/advisories/mfsa2018-03/
Vendor Advisory	https://www.mozilla.org/security/advisories/mfsa2018-02/
Issue Tracking	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1412420%2C1426783%2C1422389%2C1415598%2C1410134%2C1408017%2C1224396%2C1382366%2C1415582%2C1417797%2C1409951%2C1414452%2C1428589%2C1425780%2C1399520%2C1418854%2C1408276%2C1412145%2C1331209%2C1425612
Third Party Advisory	https://www.debian.org/security/2018/dsa-4102
Third Party Advisory	https://www.debian.org/security/2018/dsa-4096
Third Party Advisory	https://usn.ubuntu.com/3544-1/
Mailing List	https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html
Mailing List	https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:0262
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:0122
Third Party Advisory	http://www.securitytracker.com/id/1040270
Third Party Advisory	http://www.securityfocus.com/bid/102783
Third Party Advisory	https://usn.ubuntu.com/3688-1/

Type

URI

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2018-04/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2018-03/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2018-02/

Issue Tracking

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1412420%2C1426783%2C1422389%2C1415598%2C1410134%2C1408017%2C1224396%2C1382366%2C1415582%2C1417797%2C1409951%2C1414452%2C1428589%2C1425780%2C1399520%2C1418854%2C1408276%2C1412145%2C1331209%2C1425612

Third Party Advisory

https://www.debian.org/security/2018/dsa-4102

Third Party Advisory

https://www.debian.org/security/2018/dsa-4096

Third Party Advisory

https://usn.ubuntu.com/3544-1/

Mailing List

https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html

Mailing List

https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:0262

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:0122

Third Party Advisory

http://www.securitytracker.com/id/1040270

Third Party Advisory

http://www.securityfocus.com/bid/102783

Third Party Advisory

https://usn.ubuntu.com/3688-1/

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::`	ubuntu_linux	== None	== 18.04
`cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::`	ubuntu_linux	== None	== 14.04
`cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::`	ubuntu_linux	== None	== 16.04
`cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*`	ubuntu_linux	== None	== 17.10

CPE URI

Source package

Min version

Max version

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

ubuntu_linux

== None

== 18.04

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

ubuntu_linux

== None

== 14.04

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

ubuntu_linux

== None

== 16.04

cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

ubuntu_linux

== None

== 17.10

References

Match rules

Vulnerable and fixed packages