csaf_suse - suse-su-2018:3476-1

suse-su-2018:3476-1

Vulnerability from csaf_suse

Published

2018-10-25 18:09

Modified

2018-10-25 18:09

Summary

Security update for MozillaFirefox

Notes

Title of the patch

Security update for MozillaFirefox

Description of the patch

This update for MozillaFirefox to 60.2.2ESR fixes the following issues: Security issues fixed: MFSA 2018-24: - CVE-2018-12386: A Type confusion in JavaScript allowed remote code execution (bsc#1110506) - CVE-2018-12387: Array.prototype.push stack pointer vulnerability may have enabled exploits in the sandboxed content process (bsc#1110507) MFSA 2018-23: - CVE-2018-12385: Fixed a crash in TransportSecurityInfo due to cached data (bsc#1109363) - CVE-2018-12383: Setting a master password did not delete unencrypted previously stored passwords (bsc#1107343) Non security issues fixed: - Avoid undefined behavior in IPC fd-passing code (bsc#1094767) - Fixed a startup crash affecting users migrating from older ESR releases - Clean up old NSS DB files after upgrading - Fixed an endianness problem in bindgen's handling of bitfields, which was causing Firefox to crash on startup on big-endian machines. Also, updates the cc crate, which was buggy in the version that was originally vendored in. (bsc#1109465)

Patchnames

SUSE-SLE-Module-Desktop-Applications-15-2018-2482

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for MozillaFirefox",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\n  \nThis update for MozillaFirefox to 60.2.2ESR fixes the following issues:\n\nSecurity issues fixed:\n\nMFSA 2018-24:\n\n- CVE-2018-12386: A Type confusion in JavaScript allowed remote code execution (bsc#1110506)\n- CVE-2018-12387: Array.prototype.push stack pointer vulnerability may have enabled exploits in the sandboxed content process (bsc#1110507)\n\nMFSA 2018-23:\n\n- CVE-2018-12385: Fixed a crash in TransportSecurityInfo due to cached data (bsc#1109363)\n- CVE-2018-12383: Setting a master password did not delete unencrypted previously stored passwords (bsc#1107343)\n \nNon security issues fixed:\n\n- Avoid undefined behavior in IPC fd-passing code (bsc#1094767)\n- Fixed a startup crash affecting users migrating from older ESR releases\n- Clean up old NSS DB files after upgrading\n- Fixed an endianness problem in bindgen\u0027s handling of\n  bitfields, which was causing Firefox to crash on startup on big-endian\n  machines.  Also, updates the cc crate, which was buggy in the version\n  that was originally vendored in. (bsc#1109465)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-Module-Desktop-Applications-15-2018-2482",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3476-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2018:3476-1",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183476-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2018:3476-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-October/004797.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1094767",
        "url": "https://bugzilla.suse.com/1094767"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1107343",
        "url": "https://bugzilla.suse.com/1107343"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1109363",
        "url": "https://bugzilla.suse.com/1109363"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1109465",
        "url": "https://bugzilla.suse.com/1109465"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1110506",
        "url": "https://bugzilla.suse.com/1110506"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1110507",
        "url": "https://bugzilla.suse.com/1110507"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12383 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12383/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12385 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12385/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12386 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12386/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12387 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12387/"
      }
    ],
    "title": "Security update for MozillaFirefox",
    "tracking": {
      "current_release_date": "2018-10-25T18:09:44Z",
      "generator": {
        "date": "2018-10-25T18:09:44Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2018:3476-1",
      "initial_release_date": "2018-10-25T18:09:44Z",
      "revision_history": [
        {
          "date": "2018-10-25T18:09:44Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-60.2.2-3.13.3.aarch64",
                "product": {
                  "name": "MozillaFirefox-60.2.2-3.13.3.aarch64",
                  "product_id": "MozillaFirefox-60.2.2-3.13.3.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-SLE-60-4.5.3.aarch64",
                "product": {
                  "name": "MozillaFirefox-branding-SLE-60-4.5.3.aarch64",
                  "product_id": "MozillaFirefox-branding-SLE-60-4.5.3.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-devel-60.2.2-3.13.3.aarch64",
                "product": {
                  "name": "MozillaFirefox-devel-60.2.2-3.13.3.aarch64",
                  "product_id": "MozillaFirefox-devel-60.2.2-3.13.3.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-60.2.2-3.13.3.aarch64",
                "product": {
                  "name": "MozillaFirefox-translations-common-60.2.2-3.13.3.aarch64",
                  "product_id": "MozillaFirefox-translations-common-60.2.2-3.13.3.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-60.2.2-3.13.3.aarch64",
                "product": {
                  "name": "MozillaFirefox-translations-other-60.2.2-3.13.3.aarch64",
                  "product_id": "MozillaFirefox-translations-other-60.2.2-3.13.3.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-60.2.2-3.13.3.ppc64le",
                "product": {
                  "name": "MozillaFirefox-60.2.2-3.13.3.ppc64le",
                  "product_id": "MozillaFirefox-60.2.2-3.13.3.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-SLE-60-4.5.3.ppc64le",
                "product": {
                  "name": "MozillaFirefox-branding-SLE-60-4.5.3.ppc64le",
                  "product_id": "MozillaFirefox-branding-SLE-60-4.5.3.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-devel-60.2.2-3.13.3.ppc64le",
                "product": {
                  "name": "MozillaFirefox-devel-60.2.2-3.13.3.ppc64le",
                  "product_id": "MozillaFirefox-devel-60.2.2-3.13.3.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-60.2.2-3.13.3.ppc64le",
                "product": {
                  "name": "MozillaFirefox-translations-common-60.2.2-3.13.3.ppc64le",
                  "product_id": "MozillaFirefox-translations-common-60.2.2-3.13.3.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-60.2.2-3.13.3.ppc64le",
                "product": {
                  "name": "MozillaFirefox-translations-other-60.2.2-3.13.3.ppc64le",
                  "product_id": "MozillaFirefox-translations-other-60.2.2-3.13.3.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-60.2.2-3.13.3.s390x",
                "product": {
                  "name": "MozillaFirefox-60.2.2-3.13.3.s390x",
                  "product_id": "MozillaFirefox-60.2.2-3.13.3.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-SLE-60-4.5.3.s390x",
                "product": {
                  "name": "MozillaFirefox-branding-SLE-60-4.5.3.s390x",
                  "product_id": "MozillaFirefox-branding-SLE-60-4.5.3.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-60.2.2-3.13.3.s390x",
                "product": {
                  "name": "MozillaFirefox-translations-common-60.2.2-3.13.3.s390x",
                  "product_id": "MozillaFirefox-translations-common-60.2.2-3.13.3.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-60.2.2-3.13.3.s390x",
                "product": {
                  "name": "MozillaFirefox-translations-other-60.2.2-3.13.3.s390x",
                  "product_id": "MozillaFirefox-translations-other-60.2.2-3.13.3.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-60.2.2-3.13.3.x86_64",
                "product": {
                  "name": "MozillaFirefox-60.2.2-3.13.3.x86_64",
                  "product_id": "MozillaFirefox-60.2.2-3.13.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-SLE-60-4.5.3.x86_64",
                "product": {
                  "name": "MozillaFirefox-branding-SLE-60-4.5.3.x86_64",
                  "product_id": "MozillaFirefox-branding-SLE-60-4.5.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-devel-60.2.2-3.13.3.x86_64",
                "product": {
                  "name": "MozillaFirefox-devel-60.2.2-3.13.3.x86_64",
                  "product_id": "MozillaFirefox-devel-60.2.2-3.13.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-60.2.2-3.13.3.x86_64",
                "product": {
                  "name": "MozillaFirefox-translations-common-60.2.2-3.13.3.x86_64",
                  "product_id": "MozillaFirefox-translations-common-60.2.2-3.13.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-60.2.2-3.13.3.x86_64",
                "product": {
                  "name": "MozillaFirefox-translations-other-60.2.2-3.13.3.x86_64",
                  "product_id": "MozillaFirefox-translations-other-60.2.2-3.13.3.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Desktop Applications 15",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Desktop Applications 15",
                  "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-desktop-applications:15"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-60.2.2-3.13.3.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.aarch64"
        },
        "product_reference": "MozillaFirefox-60.2.2-3.13.3.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-60.2.2-3.13.3.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.ppc64le"
        },
        "product_reference": "MozillaFirefox-60.2.2-3.13.3.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-60.2.2-3.13.3.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.s390x"
        },
        "product_reference": "MozillaFirefox-60.2.2-3.13.3.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-60.2.2-3.13.3.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.x86_64"
        },
        "product_reference": "MozillaFirefox-60.2.2-3.13.3.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-branding-SLE-60-4.5.3.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.aarch64"
        },
        "product_reference": "MozillaFirefox-branding-SLE-60-4.5.3.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-branding-SLE-60-4.5.3.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.ppc64le"
        },
        "product_reference": "MozillaFirefox-branding-SLE-60-4.5.3.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-branding-SLE-60-4.5.3.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.s390x"
        },
        "product_reference": "MozillaFirefox-branding-SLE-60-4.5.3.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-branding-SLE-60-4.5.3.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.x86_64"
        },
        "product_reference": "MozillaFirefox-branding-SLE-60-4.5.3.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-devel-60.2.2-3.13.3.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.aarch64"
        },
        "product_reference": "MozillaFirefox-devel-60.2.2-3.13.3.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-devel-60.2.2-3.13.3.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.ppc64le"
        },
        "product_reference": "MozillaFirefox-devel-60.2.2-3.13.3.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-devel-60.2.2-3.13.3.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.x86_64"
        },
        "product_reference": "MozillaFirefox-devel-60.2.2-3.13.3.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-60.2.2-3.13.3.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.aarch64"
        },
        "product_reference": "MozillaFirefox-translations-common-60.2.2-3.13.3.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-60.2.2-3.13.3.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.ppc64le"
        },
        "product_reference": "MozillaFirefox-translations-common-60.2.2-3.13.3.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-60.2.2-3.13.3.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.s390x"
        },
        "product_reference": "MozillaFirefox-translations-common-60.2.2-3.13.3.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-60.2.2-3.13.3.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.x86_64"
        },
        "product_reference": "MozillaFirefox-translations-common-60.2.2-3.13.3.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-other-60.2.2-3.13.3.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.aarch64"
        },
        "product_reference": "MozillaFirefox-translations-other-60.2.2-3.13.3.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-other-60.2.2-3.13.3.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.ppc64le"
        },
        "product_reference": "MozillaFirefox-translations-other-60.2.2-3.13.3.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-other-60.2.2-3.13.3.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.s390x"
        },
        "product_reference": "MozillaFirefox-translations-other-60.2.2-3.13.3.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-other-60.2.2-3.13.3.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.x86_64"
        },
        "product_reference": "MozillaFirefox-translations-other-60.2.2-3.13.3.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-12383",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12383"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox \u003c 62, Firefox ESR \u003c 60.2.1, and Thunderbird \u003c 60.2.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12383",
          "url": "https://www.suse.com/security/cve/CVE-2018-12383"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1107343 for CVE-2018-12383",
          "url": "https://bugzilla.suse.com/1107343"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-25T18:09:44Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-12383"
    },
    {
      "cve": "CVE-2018-12385",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12385"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird \u003c 60.2.1, Firefox ESR \u003c 60.2.1, and Firefox \u003c 62.0.2.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12385",
          "url": "https://www.suse.com/security/cve/CVE-2018-12385"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1109363 for CVE-2018-12385",
          "url": "https://bugzilla.suse.com/1109363"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-25T18:09:44Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-12385"
    },
    {
      "cve": "CVE-2018-12386",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12386"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR \u003c 60.2.2 and Firefox \u003c 62.0.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12386",
          "url": "https://www.suse.com/security/cve/CVE-2018-12386"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1110506 for CVE-2018-12386",
          "url": "https://bugzilla.suse.com/1110506"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-25T18:09:44Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-12386"
    },
    {
      "cve": "CVE-2018-12387",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12387"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR \u003c 60.2.2 and Firefox \u003c 62.0.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12387",
          "url": "https://www.suse.com/security/cve/CVE-2018-12387"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1110507 for CVE-2018-12387",
          "url": "https://bugzilla.suse.com/1110507"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.2-3.13.3.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.5.3.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.2-3.13.3.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.2-3.13.3.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.2-3.13.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-25T18:09:44Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-12387"
    }
  ]
}

CVE-2018-12385 (GCVE-0-2018-12385)

Vulnerability from cvelistv5

Published

2018-10-18 13:00

Modified

2024-08-05 08:30

Severity ?

CWE

Crash in TransportSecurityInfo due to cached data

Summary

A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird < 60.2.1, Firefox ESR < 60.2.1, and Firefox < 62.0.2.

References

▼	URL	Tags
	https://security.gentoo.org/glsa/201810-01	vendor-advisory, x_refsource_GENTOO
	http://www.securityfocus.com/bid/105380	vdb-entry, x_refsource_BID
	https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/201811-13	vendor-advisory, x_refsource_GENTOO
	https://usn.ubuntu.com/3778-1/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2018/dsa-4327	vendor-advisory, x_refsource_DEBIAN
	http://www.securitytracker.com/id/1041700	vdb-entry, x_refsource_SECTRACK
	https://www.mozilla.org/security/advisories/mfsa2018-23/	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:2835	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3403	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id/1041701	vdb-entry, x_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2018:3458	vendor-advisory, x_refsource_REDHAT
	https://www.mozilla.org/security/advisories/mfsa2018-22/	x_refsource_CONFIRM
	https://www.debian.org/security/2018/dsa-4304	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2018:2834	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3793-1/	vendor-advisory, x_refsource_UBUNTU
	https://www.mozilla.org/security/advisories/mfsa2018-25/	x_refsource_CONFIRM
	https://bugzilla.mozilla.org/show_bug.cgi?id=1490585	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

Mozilla

Thunderbird

Version: unspecified < 60.2.1

	Mozilla	Firefox ESR	Version: unspecified < 60.2.1
	Mozilla	Firefox	Version: unspecified < 62.0.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:30:59.811Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201810-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201810-01"
          },
          {
            "name": "105380",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105380"
          },
          {
            "name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html"
          },
          {
            "name": "GLSA-201811-13",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201811-13"
          },
          {
            "name": "USN-3778-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3778-1/"
          },
          {
            "name": "DSA-4327",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4327"
          },
          {
            "name": "1041700",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041700"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-23/"
          },
          {
            "name": "RHSA-2018:2835",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2835"
          },
          {
            "name": "RHSA-2018:3403",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3403"
          },
          {
            "name": "1041701",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041701"
          },
          {
            "name": "RHSA-2018:3458",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3458"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-22/"
          },
          {
            "name": "DSA-4304",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4304"
          },
          {
            "name": "RHSA-2018:2834",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2834"
          },
          {
            "name": "USN-3793-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3793-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-25/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1490585"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "60.2.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "60.2.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "62.0.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-09-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird \u003c 60.2.1, Firefox ESR \u003c 60.2.1, and Firefox \u003c 62.0.2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Crash in TransportSecurityInfo due to cached data",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-25T10:57:01",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "GLSA-201810-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201810-01"
        },
        {
          "name": "105380",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105380"
        },
        {
          "name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html"
        },
        {
          "name": "GLSA-201811-13",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201811-13"
        },
        {
          "name": "USN-3778-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3778-1/"
        },
        {
          "name": "DSA-4327",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4327"
        },
        {
          "name": "1041700",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041700"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2018-23/"
        },
        {
          "name": "RHSA-2018:2835",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2835"
        },
        {
          "name": "RHSA-2018:3403",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3403"
        },
        {
          "name": "1041701",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041701"
        },
        {
          "name": "RHSA-2018:3458",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3458"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2018-22/"
        },
        {
          "name": "DSA-4304",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4304"
        },
        {
          "name": "RHSA-2018:2834",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2834"
        },
        {
          "name": "USN-3793-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3793-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2018-25/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1490585"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2018-12385",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "60.2.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "60.2.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "62.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird \u003c 60.2.1, Firefox ESR \u003c 60.2.1, and Firefox \u003c 62.0.2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Crash in TransportSecurityInfo due to cached data"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201810-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201810-01"
            },
            {
              "name": "105380",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105380"
            },
            {
              "name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html"
            },
            {
              "name": "GLSA-201811-13",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201811-13"
            },
            {
              "name": "USN-3778-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3778-1/"
            },
            {
              "name": "DSA-4327",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4327"
            },
            {
              "name": "1041700",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041700"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2018-23/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2018-23/"
            },
            {
              "name": "RHSA-2018:2835",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2835"
            },
            {
              "name": "RHSA-2018:3403",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3403"
            },
            {
              "name": "1041701",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041701"
            },
            {
              "name": "RHSA-2018:3458",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3458"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2018-22/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2018-22/"
            },
            {
              "name": "DSA-4304",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4304"
            },
            {
              "name": "RHSA-2018:2834",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2834"
            },
            {
              "name": "USN-3793-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3793-1/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2018-25/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2018-25/"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1490585",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1490585"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2018-12385",
    "datePublished": "2018-10-18T13:00:00",
    "dateReserved": "2018-06-14T00:00:00",
    "dateUpdated": "2024-08-05T08:30:59.811Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-12387 (GCVE-0-2018-12387)

Vulnerability from cvelistv5

Published

2018-10-18 13:00

Modified

2024-08-05 08:30

Severity ?

CWE

Summary

A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.

References

▼	URL	Tags
	https://security.gentoo.org/glsa/201810-01	vendor-advisory, x_refsource_GENTOO
	http://www.securityfocus.com/bid/105460	vdb-entry, x_refsource_BID
	https://usn.ubuntu.com/3778-1/	vendor-advisory, x_refsource_UBUNTU
	https://bugzilla.mozilla.org/show_bug.cgi?id=1493903	x_refsource_CONFIRM
	https://www.debian.org/security/2018/dsa-4310	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2018:2884	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id/1041770	vdb-entry, x_refsource_SECTRACK
	https://www.mozilla.org/security/advisories/mfsa2018-24/	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:2881	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

▼

Mozilla

Firefox ESR

Version: unspecified < 60.2.2

Mozilla

Firefox

Version: unspecified < 62.0.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:30:59.795Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201810-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201810-01"
          },
          {
            "name": "105460",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105460"
          },
          {
            "name": "USN-3778-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3778-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1493903"
          },
          {
            "name": "DSA-4310",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4310"
          },
          {
            "name": "RHSA-2018:2884",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2884"
          },
          {
            "name": "1041770",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041770"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-24/"
          },
          {
            "name": "RHSA-2018:2881",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2881"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "60.2.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "62.0.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-10-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR \u003c 60.2.2 and Firefox \u003c 62.0.3."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-20T09:57:01",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "GLSA-201810-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201810-01"
        },
        {
          "name": "105460",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105460"
        },
        {
          "name": "USN-3778-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3778-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1493903"
        },
        {
          "name": "DSA-4310",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4310"
        },
        {
          "name": "RHSA-2018:2884",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2884"
        },
        {
          "name": "1041770",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041770"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2018-24/"
        },
        {
          "name": "RHSA-2018:2881",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2881"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2018-12387",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "60.2.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "62.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR \u003c 60.2.2 and Firefox \u003c 62.0.3."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201810-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201810-01"
            },
            {
              "name": "105460",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105460"
            },
            {
              "name": "USN-3778-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3778-1/"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1493903",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1493903"
            },
            {
              "name": "DSA-4310",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4310"
            },
            {
              "name": "RHSA-2018:2884",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2884"
            },
            {
              "name": "1041770",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041770"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2018-24/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2018-24/"
            },
            {
              "name": "RHSA-2018:2881",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2881"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2018-12387",
    "datePublished": "2018-10-18T13:00:00",
    "dateReserved": "2018-06-14T00:00:00",
    "dateUpdated": "2024-08-05T08:30:59.795Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-12383 (GCVE-0-2018-12383)

Vulnerability from cvelistv5

Published

2018-10-18 13:00

Modified

2024-08-05 08:30

Severity ?

CWE

Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords

Summary

If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1.

References

▼	URL	Tags
	https://security.gentoo.org/glsa/201810-01	vendor-advisory, x_refsource_GENTOO
	https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/201811-13	vendor-advisory, x_refsource_GENTOO
	https://bugzilla.mozilla.org/show_bug.cgi?id=1475775	x_refsource_CONFIRM
	https://www.debian.org/security/2018/dsa-4327	vendor-advisory, x_refsource_DEBIAN
	https://www.mozilla.org/security/advisories/mfsa2018-23/	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:2835	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3403	vendor-advisory, x_refsource_REDHAT
	https://www.mozilla.org/security/advisories/mfsa2018-20/	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1041610	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/105276	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1041701	vdb-entry, x_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2018:3458	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2018/dsa-4304	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2018:2834	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3793-1/	vendor-advisory, x_refsource_UBUNTU
	https://www.mozilla.org/security/advisories/mfsa2018-25/	x_refsource_CONFIRM
	https://usn.ubuntu.com/3761-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

Vendor

Product

Version

▼

Mozilla

Firefox

Version: unspecified < 62

	Mozilla	Firefox ESR	Version: unspecified < 60.2.1
	Mozilla	Thunderbird	Version: unspecified < 60.2.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:30:59.923Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201810-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201810-01"
          },
          {
            "name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html"
          },
          {
            "name": "GLSA-201811-13",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201811-13"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1475775"
          },
          {
            "name": "DSA-4327",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4327"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-23/"
          },
          {
            "name": "RHSA-2018:2835",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2835"
          },
          {
            "name": "RHSA-2018:3403",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3403"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-20/"
          },
          {
            "name": "1041610",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041610"
          },
          {
            "name": "105276",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105276"
          },
          {
            "name": "1041701",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041701"
          },
          {
            "name": "RHSA-2018:3458",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3458"
          },
          {
            "name": "DSA-4304",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4304"
          },
          {
            "name": "RHSA-2018:2834",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2834"
          },
          {
            "name": "USN-3793-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3793-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-25/"
          },
          {
            "name": "USN-3761-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3761-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "62",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "60.2.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "60.2.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-09-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox \u003c 62, Firefox ESR \u003c 60.2.1, and Thunderbird \u003c 60.2.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-25T10:57:01",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "GLSA-201810-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201810-01"
        },
        {
          "name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html"
        },
        {
          "name": "GLSA-201811-13",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201811-13"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1475775"
        },
        {
          "name": "DSA-4327",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4327"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2018-23/"
        },
        {
          "name": "RHSA-2018:2835",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2835"
        },
        {
          "name": "RHSA-2018:3403",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3403"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2018-20/"
        },
        {
          "name": "1041610",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041610"
        },
        {
          "name": "105276",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105276"
        },
        {
          "name": "1041701",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041701"
        },
        {
          "name": "RHSA-2018:3458",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3458"
        },
        {
          "name": "DSA-4304",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4304"
        },
        {
          "name": "RHSA-2018:2834",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2834"
        },
        {
          "name": "USN-3793-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3793-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2018-25/"
        },
        {
          "name": "USN-3761-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3761-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2018-12383",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "62"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "60.2.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "60.2.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox \u003c 62, Firefox ESR \u003c 60.2.1, and Thunderbird \u003c 60.2.1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201810-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201810-01"
            },
            {
              "name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html"
            },
            {
              "name": "GLSA-201811-13",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201811-13"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1475775",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1475775"
            },
            {
              "name": "DSA-4327",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4327"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2018-23/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2018-23/"
            },
            {
              "name": "RHSA-2018:2835",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2835"
            },
            {
              "name": "RHSA-2018:3403",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3403"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2018-20/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2018-20/"
            },
            {
              "name": "1041610",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041610"
            },
            {
              "name": "105276",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105276"
            },
            {
              "name": "1041701",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041701"
            },
            {
              "name": "RHSA-2018:3458",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3458"
            },
            {
              "name": "DSA-4304",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4304"
            },
            {
              "name": "RHSA-2018:2834",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2834"
            },
            {
              "name": "USN-3793-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3793-1/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2018-25/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2018-25/"
            },
            {
              "name": "USN-3761-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3761-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2018-12383",
    "datePublished": "2018-10-18T13:00:00",
    "dateReserved": "2018-06-14T00:00:00",
    "dateUpdated": "2024-08-05T08:30:59.923Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-12386 (GCVE-0-2018-12386)

Vulnerability from cvelistv5

Published

2018-10-18 13:00

Modified

2024-08-05 08:30

Severity ?

CWE

Type confusion in JavaScript

Summary

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.

References

▼	URL	Tags
	https://security.gentoo.org/glsa/201810-01	vendor-advisory, x_refsource_GENTOO
	http://www.securityfocus.com/bid/105460	vdb-entry, x_refsource_BID
	https://usn.ubuntu.com/3778-1/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2018/dsa-4310	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2018:2884	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id/1041770	vdb-entry, x_refsource_SECTRACK
	https://bugzilla.mozilla.org/show_bug.cgi?id=1493900	x_refsource_CONFIRM
	https://www.mozilla.org/security/advisories/mfsa2018-24/	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:2881	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

▼

Mozilla

Firefox ESR

Version: unspecified < 60.2.2

Mozilla

Firefox

Version: unspecified < 62.0.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:30:59.824Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201810-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201810-01"
          },
          {
            "name": "105460",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105460"
          },
          {
            "name": "USN-3778-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3778-1/"
          },
          {
            "name": "DSA-4310",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4310"
          },
          {
            "name": "RHSA-2018:2884",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2884"
          },
          {
            "name": "1041770",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041770"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1493900"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2018-24/"
          },
          {
            "name": "RHSA-2018:2881",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2881"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "60.2.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "62.0.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-10-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR \u003c 60.2.2 and Firefox \u003c 62.0.3."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Type confusion in JavaScript",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-20T09:57:01",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "GLSA-201810-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201810-01"
        },
        {
          "name": "105460",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105460"
        },
        {
          "name": "USN-3778-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3778-1/"
        },
        {
          "name": "DSA-4310",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4310"
        },
        {
          "name": "RHSA-2018:2884",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2884"
        },
        {
          "name": "1041770",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041770"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1493900"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2018-24/"
        },
        {
          "name": "RHSA-2018:2881",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2881"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2018-12386",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "60.2.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "62.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR \u003c 60.2.2 and Firefox \u003c 62.0.3."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Type confusion in JavaScript"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201810-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201810-01"
            },
            {
              "name": "105460",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105460"
            },
            {
              "name": "USN-3778-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3778-1/"
            },
            {
              "name": "DSA-4310",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4310"
            },
            {
              "name": "RHSA-2018:2884",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2884"
            },
            {
              "name": "1041770",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041770"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1493900",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1493900"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2018-24/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2018-24/"
            },
            {
              "name": "RHSA-2018:2881",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2881"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2018-12386",
    "datePublished": "2018-10-18T13:00:00",
    "dateReserved": "2018-06-14T00:00:00",
    "dateUpdated": "2024-08-05T08:30:59.824Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2018:3476-1

Vulnerability from csaf_suse

CVE-2018-12385 (GCVE-0-2018-12385)

Vulnerability from cvelistv5

CVE-2018-12387 (GCVE-0-2018-12387)

Vulnerability from cvelistv5

CVE-2018-12383 (GCVE-0-2018-12383)

Vulnerability from cvelistv5

CVE-2018-12386 (GCVE-0-2018-12386)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature