CVE-2018-5145

CRITICAL

Firefox ESR < 52.7 - Memory Corruption

Title source: llm
STIX 2.1

Description

Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.

References (15)

Core 15
Core References
Issue Tracking, Permissions Required, Third Party Advisory x_refsource_confirm
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1261175%2C1348955
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2018/dsa-4139
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201811-13
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:0527
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3545-1/
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2018-09/
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2018-07/
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:0526
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2018/dsa-4155
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:0648
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:0647
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1040514
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/103384

Scores

CVSS v3 9.8
EPSS 0.0202
EPSS Percentile 84.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (21)
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 17.10
debian/debian_linux 7.0
debian/debian_linux 8.0
debian/debian_linux 9.0
mozilla/firefox < 52.7.0
mozilla/thunderbird < 52.7.0
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_desktop 7.0
... and 11 more
Published Jun 11, 2018
Tracked Since Feb 18, 2026