High severity8.8NVD Advisory· Published Feb 28, 2019· Updated Jun 17, 2026
CVE-2018-12389
CVE-2018-12389
Description
Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.3 and Thunderbird < 60.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
24<60.3+ 1 more
- (no CPE)range: <60.3
- (no CPE)range: unspecified
<60.3+ 1 more
- (no CPE)range: <60.3
- (no CPE)range: unspecified
- osv-coords20 versionspkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweedpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Package%20Hub%2012
< 91.1.1-1.1+ 19 more
- (no CPE)range: < 91.1.1-1.1
- (no CPE)range: < 60.3.0-109.50.2
- (no CPE)range: < 60.3.0-109.50.2
- (no CPE)range: < 60.3.0-109.50.2
- (no CPE)range: < 60.3.0-3.17.1
- (no CPE)range: < 60.3.0-109.50.2
- (no CPE)range: < 60.3.0-109.50.2
- (no CPE)range: < 60.3.0-109.50.2
- (no CPE)range: < 60.3.0-109.50.2
- (no CPE)range: < 60.3.0-109.50.2
- (no CPE)range: < 60.3.0-109.50.2
- (no CPE)range: < 60.3.0-109.50.2
- (no CPE)range: < 60.3.0-109.50.2
- (no CPE)range: < 60.3.0-109.50.2
- (no CPE)range: < 60.3.0-109.50.2
- (no CPE)range: < 60.3.0-109.50.2
- (no CPE)range: < 60.3.0-109.50.2
- (no CPE)range: < 60.3.0-109.50.2
- (no CPE)range: < 60.3.0-3.17.2
- (no CPE)range: < 60.3.0-74.2
Patches
Vulnerability mechanics
References
17- www.securityfocus.com/bid/105723nvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/105769nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1041944nvdThird Party AdvisoryVDB Entry
- access.redhat.com/errata/RHSA-2018:3005nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:3006nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:3531nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:3532nvdThird Party Advisory
- bugzilla.mozilla.org/buglist.cginvdBroken LinkIssue TrackingVendor Advisory
- lists.debian.org/debian-lts-announce/2018/11/msg00008.htmlnvdMailing ListThird Party Advisory
- lists.debian.org/debian-lts-announce/2018/11/msg00011.htmlnvdMailing ListThird Party Advisory
- security.gentoo.org/glsa/201811-04nvdThird Party Advisory
- security.gentoo.org/glsa/201811-13nvdThird Party Advisory
- usn.ubuntu.com/3868-1/nvdThird Party Advisory
- www.debian.org/security/2018/dsa-4324nvdThird Party Advisory
- www.debian.org/security/2018/dsa-4337nvdThird Party Advisory
- www.mozilla.org/security/advisories/mfsa2018-27/nvdVendor Advisory
- www.mozilla.org/security/advisories/mfsa2018-28/nvdVendor Advisory
News mentions
0No linked articles in our index yet.