Log

CVE-2018-5178 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Information disclosure
Description
+ A buffer overflow was found in Thunderbird before 52.8, during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5178
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1443891
Notes
CVE-2018-5179 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Denial of service
Description
+ A security issue has been found in the ServiceWorker component of the chromium browser before 70.0.3538.67, due to a lack of limits on the update() function.
References
+ https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html
+ https://bugs.chromium.org/p/chromium/issues/detail?id=805496
Notes
CVE-2018-5180 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A use-after-free vulnerability can occur during WebGL operations in Firefox before 60.0. While this results in a potentially exploitable crash, the vulnerability is limited because the memory is freed and reused in a brief window of time during the freeing of the same callstack.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5180
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1444086
Notes
CVE-2018-5181 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Local
Type
+ Access restriction bypass
Description
+ If a URL using the file: protocol is dragged and dropped onto an open tab of Firefox before 60.0 that is running in a different child process, the tab will open a local file corresponding to the dropped URL, contrary to policy. One way to make the target tab open more reliably in a separate process is to open it with the noopener keyword.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5181
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1424107
Notes
CVE-2018-5182 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Local
Type
+ Access restriction bypass
Description
+ If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the address bar of Firefox before 60.0, the specified local file will be opened. This is contrary to policy and is what would happen if the string were the equivalent file: URL.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5182
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1424107
Notes
CVE-2018-5183 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ Several memory corruption issues including invalid buffer reads and writes during graphic operations have been found in the Skia library.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5183
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1454692
Notes
CVE-2018-5184 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Information disclosure
Description
+ A security issue has been found in Thunderbird before 52.8, where using remote content in S/MIME encrypted messages can lead to the disclosure of plaintext via chosen-ciphertext attack.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5184
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1411592
Notes
+ Very likely related to CVE-2017-17689 but Mozilla did not include any details so..
CVE-2018-5185 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Information disclosure
Description
+ A security issue has been found in Thunderbird before 52.8, where plaintext of decrypted emails can leak when a user submits an embedded form.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5185
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1450345
Notes
CVE-2018-5186 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ Several memory safety bugs have been found in Firefox before 61.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough effort some of these could be exploited to run arbitrary code.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-5186
+ https://bugzilla.mozilla.org/buglist.cgi?bug_id=1464872%2C1463329%2C1419373%2C1412882%2C1413033%2C1444673%2C1454448%2C1453505%2C1438671
Notes
CVE-2018-5187 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ Several memory safety bugs have been found in Firefox before 61.0 and Thunderbird before 60.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough effort some of these could be exploited to run arbitrary code.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-5187
+ https://bugzilla.mozilla.org/buglist.cgi?bug_id=1461324%2C1414829%2C1395246%2C1467938%2C1461619%2C1425930%2C1438556%2C1454285%2C1459568%2C1463884
Notes