CVE-2018-12379
CVSS v3.0
7.8 (High)
CVSS v2.0
4.6 (Medium)
EPSS
0.06 % (28th)
Affected Products
10
Advisories
20
When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
Weaknesses
- CWE-787
- Out-of-bounds Write
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2018-10-18 13:29:05
(6 years ago) - Updated Date
-
2018-12-06 18:10:56
(5 years ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...