CVE: CVE-2018-12366

Descrizione: An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

Vettore di attacco

Riferimenti esterni

• https://security.gentoo.org/glsa/201810-01
• https://www.mozilla.org/security/advisories/mfsa2018-15/
• https://access.redhat.com/errata/RHSA-2018:2112
• https://security.gentoo.org/glsa/201811-13
• https://www.debian.org/security/2018/dsa-4235
• https://www.mozilla.org/security/advisories/mfsa2018-18/
• https://access.redhat.com/errata/RHSA-2018:2113
• https://www.mozilla.org/security/advisories/mfsa2018-16/
• https://www.debian.org/security/2018/dsa-4244
• http://www.securityfocus.com/bid/104560
• http://www.securitytracker.com/id/1041193
• https://www.mozilla.org/security/advisories/mfsa2018-19/
• https://access.redhat.com/errata/RHSA-2018:2252
• https://www.mozilla.org/security/advisories/mfsa2018-17/
• https://bugzilla.mozilla.org/show_bug.cgi?id=1464039
• https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html
• https://access.redhat.com/errata/RHSA-2018:2251
• https://usn.ubuntu.com/3705-1/
• https://usn.ubuntu.com/3714-1/
• https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html

Prodotti interessati

• Mozilla – Thunderbird
• Mozilla – Firefox ESR
• Mozilla – Firefox

Relazioni con altri prodotti

Produttore:Mozilla
Prodotto: Firefox
Anno: 2018
CWE:
CVSS: 0.0

Produttore:Mozilla
Prodotto: Thunderbird
Anno: 2018
CWE:
CVSS: 0.0

Produttore:Mozilla
Prodotto: Firefox ESR
Anno: 2018
CWE:
CVSS: 0.0

Ulteriori risorse disponibili

• Vulnerabilità scoperte nello stesso anno (2018)