CVE-2018-12361
N/A
N/A
Summary
An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Thunderbird | unspecified < 60 | affected |
| Mozilla | Firefox ESR | unspecified < 60.1 | affected |
| Mozilla | Firefox | unspecified < 61 | affected |
Weaknesses
- Integer overflow in SwizzleData
ADP Enrichment
CVE Program Container
Additional References
- https://security.gentoo.org/glsa/201810-01
- https://www.mozilla.org/security/advisories/mfsa2018-15/
- https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html
- https://security.gentoo.org/glsa/201811-13
- https://www.debian.org/security/2018/dsa-4295
- https://www.mozilla.org/security/advisories/mfsa2018-16/
- http://www.securitytracker.com/id/1041193
- https://www.mozilla.org/security/advisories/mfsa2018-19/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1463244
- http://www.securityfocus.com/bid/104558
- https://usn.ubuntu.com/3705-1/
References
- https://security.gentoo.org/glsa/201810-01
- https://www.mozilla.org/security/advisories/mfsa2018-15/
- https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html
- https://security.gentoo.org/glsa/201811-13
- https://www.debian.org/security/2018/dsa-4295
- https://www.mozilla.org/security/advisories/mfsa2018-16/
- http://www.securitytracker.com/id/1041193
- https://www.mozilla.org/security/advisories/mfsa2018-19/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1463244
- http://www.securityfocus.com/bid/104558
- https://usn.ubuntu.com/3705-1/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.