exploit the possibilities
Showing 1 - 10 of 10 RSS Feed

CVE-2018-12385

Status Candidate

Overview

A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird < 60.2.1, Firefox ESR < 60.2.1, and Firefox < 62.0.2.

Related Files

Gentoo Linux Security Advisory 201811-13
Posted Nov 24, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201811-13 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. Versions less than 60.3.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-16541, CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12367, CVE-2018-12371, CVE-2018-12372, CVE-2018-12373, CVE-2018-12374, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378, CVE-2018-12379, CVE-2018-12383, CVE-2018-12385, CVE-2018-12389, CVE-2018-12390, CVE-2018-12391, CVE-2018-12392, CVE-2018-12393, CVE-2018-5125
MD5 | cb3a08958b6999e989e4f477c4399834
Red Hat Security Advisory 2018-3458-01
Posted Nov 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3458-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.2.1. Issues addressed include bypass and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2017-16541, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378, CVE-2018-12379, CVE-2018-12383, CVE-2018-12385
MD5 | a84bad78e2f3169bba5e9897d778e3f4
Red Hat Security Advisory 2018-3403-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3403-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.2.1. Issues addressed include bypass and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2017-16541, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378, CVE-2018-12379, CVE-2018-12383, CVE-2018-12385
MD5 | cec4aa3dc9d2d284527dc37606d26f67
Debian Security Advisory 4327-1
Posted Oct 26, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4327-1 - Multiple memory safety errors and use-after-frees in Thunderbird may lead to the execution of arbitrary code or denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2017-16541, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378, CVE-2018-12379, CVE-2018-12383, CVE-2018-12385
MD5 | e1857fff050d1a013315f409a3b46c9e
Ubuntu Security Notice USN-3793-1
Posted Oct 16, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3793-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. It was discovered that if a user saved passwords before Thunderbird 58 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2018-12376, CVE-2018-12378, CVE-2018-12383, CVE-2018-12385
MD5 | 87fdc4d5aa1e208196180d7170d8f355
Ubuntu Security Notice USN-3778-1
Posted Oct 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3778-1 - A crash was discovered in TransportSecurityInfo used for SSL, which could be triggered by data stored in the local cache directory. An attacker could potentially exploit this in combination with another vulnerability that allowed them to write data to the cache, to execute arbitrary code. A type confusion bug was discovered in JavaScript. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local, javascript
systems | linux, ubuntu
advisories | CVE-2018-12385, CVE-2018-12386, CVE-2018-12387
MD5 | c62ea9beea2ef5ac1b71a02d553818db
Gentoo Linux Security Advisory 201810-01
Posted Oct 2, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201810-1 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. Versions less than 60.2.2 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-16541, CVE-2018-12358, CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12367, CVE-2018-12368, CVE-2018-12369, CVE-2018-12370, CVE-2018-12371, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378, CVE-2018-12379, CVE-2018-12381, CVE-2018-12383, CVE-2018-12385, CVE-2018-12386, CVE-2018-12387, CVE-2018-5125, CVE-2018-5127
MD5 | 2ed8115633bd219ec3b7e1781a6f664a
Red Hat Security Advisory 2018-2835-01
Posted Sep 28, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2835-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.1 ESR. Issues addressed include a crash.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-12383, CVE-2018-12385
MD5 | 8f9c83d61cb277d76f94999c085df60b
Red Hat Security Advisory 2018-2834-01
Posted Sep 28, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2834-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.1 ESR. Issues addressed include a crash.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-12383, CVE-2018-12385
MD5 | b69b990087b2042ffe81272b960516ab
Debian Security Advisory 4304-1
Posted Sep 25, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4304-1 - Two security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code and local information disclosure.

tags | advisory, web, arbitrary, local, info disclosure
systems | linux, debian
advisories | CVE-2018-12383, CVE-2018-12385
MD5 | cef96b7b3f669cea1394acd5d6046c39
Page 1 of 1
Back1Next

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    1 Files
  • 17
    Jan 17th
    2 Files
  • 18
    Jan 18th
    20 Files
  • 19
    Jan 19th
    32 Files
  • 20
    Jan 20th
    15 Files
  • 21
    Jan 21st
    10 Files
  • 22
    Jan 22nd
    16 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close