Home

CVE-2018-12393

Description

A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
5.776

Associated Vulnerability

VulnerabilityOS Platform
Vulnerability CVE-2018-12393 are affected in Mozilla Firefox (x64) 86Windows
Vulnerability CVE-2018-12393 are affected in Mozilla Firefox 86Windows
Vulnerability CVE-2018-12393 are affected in Mozilla Firefox ESR (x64) 86Windows
Vulnerability CVE-2018-12393 are affected in Mozilla Firefox ESR 86Windows
Vulnerability CVE-2018-12393 are affected in Mozilla Thunderbird 86Windows
Vulnerabilities CVE-2018-12393 are affected in Mozilla Firefox (x64) 60.2Windows
Vulnerabilities CVE-2018-12393 are affected in Mozilla Firefox (x64) 62.99Windows
Vulnerabilities CVE-2018-12393 are affected in Mozilla Firefox ESR (x64) 60.2Windows
Vulnerabilities CVE-2018-12393 are affected in Mozilla Firefox ESR 60.2Windows
Vulnerabilities CVE-2018-12393 are affected in Mozilla Thunderbird 60.2Windows
Vulnerabilities CVE-2018-12393 are affected in Mozilla_Firefox 60.2Windows
Vulnerabilities CVE-2018-12393 are affected in Mozilla_Firefox 62.99Windows
Vulnerabilities CVE-2018-12393 are affected in Firefox ESR for Mac *Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac *Mac
Vulnerabilities CVE-2018-12393 are affected in Mozilla Firefox for Mac 60.0Mac
Vulnerabilities CVE-2018-12393 are affected in Mozilla Thunderbird for Mac *Mac
firefox-esr security update(DSA-4324-1) firefox-esr_60.3.0esr-1~deb9u1_i386.debLinux
firefox-esr security update(DSA-4324-1) firefox-esr_60.3.0esr-1~deb9u1_amd64.debLinux
thunderbird security update(DSA-4337-1) thunderbird_60.3.0-1~deb9u1_i386.debLinux
thunderbird security update(DSA-4337-1) thunderbird_60.3.0-1~deb9u1_amd64.debLinux
(RHSA-2018:3005) firefox security and bug fix update firefox-60.3.0-1.el7_5.i686.rpmLinux
(RHSA-2018:3005) firefox security and bug fix update firefox-60.3.0-1.el7_5.x86_64.rpmLinux
(RHSA-2018:3006) firefox security update firefox-60.3.0-1.el6.i686.rpmLinux
(RHSA-2018:3006) firefox security update firefox-60.3.0-1.el6.x86_64.rpmLinux
(RHSA-2018:3531) thunderbird security update thunderbird-60.3.0-1.el6.i686.rpmLinux
(RHSA-2018:3531) thunderbird security update thunderbird-60.3.0-1.el6.x86_64.rpmLinux
(RHSA-2018:3532) thunderbird security update thunderbird-60.3.0-1.el7_5.x86_64.rpmLinux
SUSE-SU-2018:3749-1(SUSE Linux Enterprise Desktop 12-SP3 ) MozillaFirefox-60.3.0-109.50.2.x86_64.rpmLinux
SUSE-SU-2018:3749-1(SUSE Linux Enterprise Desktop 12-SP3 ) MozillaFirefox-debuginfo-60.3.0-109.50.2.x86_64.rpmLinux
SUSE-SU-2018:3749-1(SUSE Linux Enterprise Desktop 12-SP3 ) MozillaFirefox-debugsource-60.3.0-109.50.2.x86_64.rpmLinux
SUSE-SU-2018:3749-1(SUSE Linux Enterprise Desktop 12-SP3 ) MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64.rpmLinux
SUSE-SU-2018:3749-2(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-60.3.0-109.50.2.x86_64.rpmLinux
SUSE-SU-2018:3749-2(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-debuginfo-60.3.0-109.50.2.x86_64.rpmLinux
SUSE-SU-2018:3749-2(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-debugsource-60.3.0-109.50.2.x86_64.rpmLinux
SUSE-SU-2018:3749-2(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64.rpmLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-318711Mozilla Firefox (x64) (86.0.1)
PATCH-343015Mozilla Firefox (132.0.2)
PATCH-310844Mozilla Firefox ESR (x64) (60.9.0)
PATCH-310843Mozilla Firefox ESR (60.9.0)
PATCH-315938Mozilla Thunderbird (68.12.0)
PATCH-611870Mozilla Firefox For Mac (142.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234