CVE-2018-12385
Description
A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird < 60.2.1, Firefox ESR < 60.2.1, and Firefox < 62.0.2.
Risk Information
Base Score: 7.0 (MODERATE)
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability: 0.06
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2018-12385 affects Mozilla Firefox 62.0 | Windows |
| Multiple vulnerabilities affect Mozilla Thunderbird for Mac 60.0-beta9 | Mac |
| CVE-2018-12382, CVE-2018-12385 affect Mozilla Firefox for Mac 62.0 | Mac |
| CVE-2018-12383, CVE-2018-12385, CVE-2018-12386, CVE-2018-12387 affect Firefox ESR for Mac 60.2.0 | Mac |
| CVE-2018-12383, CVE-2018-12385, CVE-2018-12386, CVE-2018-12387 affect Mozilla Firefox for Mac 60.2.0 | Mac |
| Mozilla Open Source mail and newsgroup client (USN-3793-1) thunderbird_60.2.1+build1-0ubuntu0.14.04.2_amd64.deb | Linux |
| Mozilla Open Source mail and newsgroup client (USN-3793-1) thunderbird_60.2.1+build1-0ubuntu0.16.04.4_i386.deb | Linux |
| Mozilla Open Source mail and newsgroup client (USN-3793-1) thunderbird_60.2.1+build1-0ubuntu0.16.04.4_amd64.deb | Linux |
| Mozilla Open Source mail and newsgroup client (USN-3793-1) thunderbird_60.2.1+build1-0ubuntu0.18.04.2_i386.deb | Linux |
| Mozilla Open Source mail and newsgroup client (USN-3793-1) thunderbird_60.2.1+build1-0ubuntu0.18.04.2_amd64.deb | Linux |
| firefox-esr security update (DSA-4304-1) firefox-esr_60.2.1esr-1~deb9u1_i386.deb | Linux |
| firefox-esr security update (DSA-4304-1) firefox-esr_60.2.1esr-1~deb9u1_amd64.deb | Linux |
| (RHSA-2018:2834) firefox security update firefox-60.2.1-1.el6.i686.rpm | Linux |
| (RHSA-2018:2834) firefox security update firefox-60.2.1-1.el6.x86_64.rpm | Linux |
| (RHSA-2018:2835) firefox security update firefox-60.2.1-1.el7_5.i686.rpm | Linux |
| (RHSA-2018:2835) firefox security update firefox-60.2.1-1.el7_5.x86_64.rpm | Linux |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-343015 | Mozilla Firefox (132.0.2) |
| PATCH-611807 | Mozilla Thunderbird For Mac (142.0) |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
| PATCH-611808 | Mozilla Firefox ESR for MAC 128.14.0 |