CVE-2018-5089
Last modified
CVE-2018-5089 is a vulnerability of currently unknown severity. Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. EPSS estimates a 3.34% chance of exploitation in the next 30 days.
Description
Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Ubuntu Linux | 14.04 |
| Canonical | Ubuntu Linux | 16.04 |
| Canonical | Ubuntu Linux | 17.10 |
| Canonical | Ubuntu Linux | 18.04 |
| Redhat | Enterprise Linux Desktop | 6.0 |
| Redhat | Enterprise Linux Desktop | 7.0 |
| Redhat | Enterprise Linux Server | 6.0 |
| Redhat | Enterprise Linux Server | 7.0 |
| Redhat | Enterprise Linux Workstation | 6.0 |
| Redhat | Enterprise Linux Workstation | 7.0 |
| Debian | Debian Linux | 8.0 |
| Debian | Debian Linux | 9.0 |
| Mozilla | Firefox | < 52.6.0 |
| Mozilla | Firefox | <= 58.0 |
| Mozilla | Thunderbird | < 52.6.0 |
References
- http://www.securityfocus.com/bid/102783Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1040270Third Party Advisory, VDB Entry
- https://access.redhat.com/errata/RHSA-2018:0122Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:0262Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2018/01/msg00030.htmlMailing List, Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2018/01/msg00036.htmlMailing List, Third Party Advisory
- https://usn.ubuntu.com/3544-1/Third Party Advisory
- https://usn.ubuntu.com/3688-1/Third Party Advisory
- https://www.debian.org/security/2018/dsa-4096Third Party Advisory
- https://www.debian.org/security/2018/dsa-4102Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2018-02/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2018-03/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2018-04/Vendor Advisory
- http://www.securityfocus.com/bid/102783Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1040270Third Party Advisory, VDB Entry
- https://access.redhat.com/errata/RHSA-2018:0122Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:0262Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2018/01/msg00030.htmlMailing List, Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2018/01/msg00036.htmlMailing List, Third Party Advisory
- https://usn.ubuntu.com/3544-1/Third Party Advisory
- https://usn.ubuntu.com/3688-1/Third Party Advisory
- https://www.debian.org/security/2018/dsa-4096Third Party Advisory
- https://www.debian.org/security/2018/dsa-4102Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2018-02/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2018-03/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2018-04/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-5089?
How severe is CVE-2018-5089?
How do I fix CVE-2018-5089?
Are you affected by CVE-2018-5089?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST