| Revision Date: | 2018-10-18 | Version: | 1 | | Title: | CVE-2018-12379 on Ubuntu 18.04 LTS (bionic) - medium. | | Description: | When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2018-12379
| | Platform(s): | Ubuntu 18.04 LTS
| Product(s): | | | Definition Synopsis | | Ubuntu 18.04 LTS (bionic) is installed. AND Package Information
NOT firefox package in bionic, while related to the CVE in some way, is not affected.
OR NOT firefox-globalmenu package in bionic, while related to the CVE in some way, is not affected.
OR NOT firefox-mozsymbols package in bionic, while related to the CVE in some way, is not affected.
OR NOT firefox-testsuite package in bionic, while related to the CVE in some way, is not affected.
OR NOT thunderbird package in bionic, while related to the CVE in some way, is not affected.
OR NOT thunderbird-globalmenu package in bionic, while related to the CVE in some way, is not affected.
OR NOT thunderbird-gnome-support package in bionic, while related to the CVE in some way, is not affected.
OR NOT thunderbird-mozsymbols package in bionic, while related to the CVE in some way, is not affected.
OR NOT xul-ext-calendar-timezones package in bionic, while related to the CVE in some way, is not affected.
OR NOT xul-ext-gdata-provider package in bionic, while related to the CVE in some way, is not affected.
OR NOT xul-ext-lightning package in bionic, while related to the CVE in some way, is not affected.
|
|