CVE-2018-5089

Name
CVE-2018-5089
Description
Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Vendor Advisory https://www.mozilla.org/security/advisories/mfsa2018-04/
Vendor Advisory https://www.mozilla.org/security/advisories/mfsa2018-03/
Vendor Advisory https://www.mozilla.org/security/advisories/mfsa2018-02/
Issue Tracking https://bugzilla.mozilla.org/buglist.cgi?bug_id=1412420%2C1426783%2C1422389%2C1415598%2C1410134%2C1408017%2C1224396%2C1382366%2C1415582%2C1417797%2C1409951%2C1414452%2C1428589%2C1425780%2C1399520%2C1418854%2C1408276%2C1412145%2C1331209%2C1425612
Third Party Advisory https://www.debian.org/security/2018/dsa-4102
Third Party Advisory https://www.debian.org/security/2018/dsa-4096
Third Party Advisory https://usn.ubuntu.com/3544-1/
Mailing List https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html
Mailing List https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:0262
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:0122
Third Party Advisory http://www.securitytracker.com/id/1040270
Third Party Advisory http://www.securityfocus.com/bid/102783
Third Party Advisory https://usn.ubuntu.com/3688-1/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* ubuntu_linux == None == 18.04
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* ubuntu_linux == None == 14.04
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* ubuntu_linux == None == 16.04
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:* ubuntu_linux == None == 17.10

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
firefox-esr edge-community 52.6.0-r0 None fixed
firefox-esr 3.22-community 52.6.0-r0 None fixed
firefox-esr 3.21-community 52.6.0-r0 None fixed
firefox-esr 3.20-community 52.6.0-r0 None fixed
firefox-esr 3.19-community 52.6.0-r0 None fixed
firefox-esr 3.18-community 52.6.0-r0 None fixed
firefox-esr 3.17-community 52.6.0-r0 None fixed