CVE-2018-5183

CRITICAL

Mozilla - Memory Corruption

Title source: llm

Description

Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.

References (16)

Core 16

Core References

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:1415

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201810-01

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:1726

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:1414

Issue Tracking, Permissions Required x_refsource_confirm

https://bugzilla.mozilla.org/show_bug.cgi?id=1454692

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201811-13

Vendor Advisory x_refsource_confirm

https://www.mozilla.org/security/advisories/mfsa2018-13/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3660-1/

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1040898

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2018/dsa-4199

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:1725

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/104138

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2018/dsa-4209

Vendor Advisory x_refsource_confirm

https://www.mozilla.org/security/advisories/mfsa2018-12/

Scores

CVSS v3 9.8

EPSS 0.0392

EPSS Percentile 88.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (20)

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 17.10

canonical/ubuntu_linux 18.04

debian/debian_linux 7.0

debian/debian_linux 8.0

debian/debian_linux 9.0

mozilla/firefox < 52.8.0

mozilla/thunderbird < 52.8.0

mozilla/thunderbird_esr < 52.8.0

... and 10 more

Published Jun 11, 2018

Tracked Since Feb 18, 2026