Vulnerability Details : CVE-2018-5159
An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
Vulnerability category: OverflowMemory Corruption
Exploit prediction scoring system (EPSS) score for CVE-2018-5159
Probability of exploitation activity in the next 30 days: 12.22%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2018-5159
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2018-5159
-
The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.Assigned by: nvd@nist.gov (Primary)
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-5159
-
https://access.redhat.com/errata/RHSA-2018:1725
RHSA-2018:1725 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://www.debian.org/security/2018/dsa-4199
Debian -- Security Information -- DSA-4199-1 firefox-esrThird Party Advisory
-
https://www.mozilla.org/security/advisories/mfsa2018-12/
Security vulnerabilities fixed in Firefox ESR 52.8 — MozillaVendor Advisory
-
https://www.debian.org/security/2018/dsa-4209
Debian -- Security Information -- DSA-4209-1 thunderbirdThird Party Advisory
-
https://security.gentoo.org/glsa/201811-13
Mozilla Thunderbird: Multiple vulnerabilities (GLSA 201811-13) — Gentoo securityThird Party Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1441941
1441941 - (CVE-2018-5159) Skia and Firefox: Integer overflow in SkTDArray leading to out-of-bounds writeIssue Tracking;Permissions Required;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html
[SECURITY] [DLA 1382-1] thunderbird security updateMailing List;Third Party Advisory
-
https://www.exploit-db.com/exploits/44759/
Skia and Firefox - Integer Overflow in SkTDArray Leading to Out-of-Bounds WriteExploit;Third Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/104136
Mozilla Firefox and Firefox ESR Multiple Security VulnerabilitiesThird Party Advisory;VDB Entry
-
https://www.mozilla.org/security/advisories/mfsa2018-13/
Security vulnerabilities fixed in Thunderbird 52.8 — MozillaVendor Advisory
-
https://usn.ubuntu.com/3660-1/
USN-3660-1: Thunderbird vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://security.gentoo.org/glsa/201810-01
Mozilla Firefox: Multiple vulnerabilities (GLSA 201810-01) — Gentoo securityThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:1414
RHSA-2018:1414 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:1726
RHSA-2018:1726 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:1415
RHSA-2018:1415 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://usn.ubuntu.com/3645-1/
USN-3645-1: Firefox vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.securitytracker.com/id/1040896
Mozilla Firefox Multiple Bugs Let Remote Users Spoof Filenames, Bypass Security Restrictions, Obtain Potentially Sensitive Information, and Execute Arbitrary Code - SecurityTrackerThird Party Advisory;VDB Entry
-
https://www.mozilla.org/security/advisories/mfsa2018-11/
Security vulnerabilities fixed in Firefox 60 — MozillaVendor Advisory
-
https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html
[SECURITY] [DLA 1376-1] firefox-esr security updateMailing List;Third Party Advisory
Products affected by CVE-2018-5159
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*