7.5
HIGH

CVE-2018-18493

Published: 28/02/2019 Updated: 11/03/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

Vulnerability Summary

A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Complexity: LOW
Authentication: NONE
Access Vector: NETWORK
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Vulnerability Trend

Affected Products

Vendor Product Versions
MozillaFirefox-, 0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.6.1, 0.7, 0.7.1, 0.8, 0.9, 0.9.1, 0.9.2, 0.9.3, 0.10, 0.10.1, 1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.4.1, 1.5, 1.5.0.1, 1.5.0.2, 1.5.0.3, 1.5.0.4, 1.5.0.5, 1.5.0.6, 1.5.0.7, 1.5.0.8, 1.5.0.9, 1.5.0.10, 1.5.0.11, 1.5.0.12, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.8, 1.8, 2.0, 2.0.0.1, 2.0.0.2, 2.0.0.3, 2.0.0.4, 2.0.0.5, 2.0.0.6, 2.0.0.7, 2.0.0.8, 2.0.0.9, 2.0.0.10, 2.0.0.11, 2.0.0.12, 2.0.0.13, 2.0.0.14, 2.0.0.15, 2.0.0.16, 2.0.0.17, 2.0.0.18, 2.0.0.19, 2.0.0.20, 3.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.0.16, 3.0.17, 3.0.18, 3.0.19, 3.5, 3.5.1, 3.5.2, 3.5.3, 3.5.4, 3.5.5, 3.5.6, 3.5.7, 3.5.8, 3.5.9, 3.5.10, 3.5.11, 3.5.12, 3.5.13, 3.5.14, 3.5.15, 3.5.16, 3.5.17, 3.5.18, 3.5.19, 3.6, 3.6.2, 3.6.3, 3.6.4, 3.6.6, 3.6.7, 3.6.8, 3.6.9, 3.6.10, 3.6.11, 3.6.12, 3.6.13, 3.6.14, 3.6.15, 3.6.16, 3.6.17, 3.6.18, 3.6.19, 3.6.20, 3.6.21, 3.6.22, 3.6.23, 3.6.24, 3.6.25, 3.6.26, 3.6.27, 3.6.28, 4.0, 4.0.1, 5.0, 5.0.1, 6.0, 6.0.1, 6.0.2, 7.0, 7.0.1, 8.0, 8.0.1, 9.0, 9.0.1, 10.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.0.5, 10.0.6, 10.0.7, 10.0.8, 10.0.9, 10.0.10, 10.0.11, 10.0.12, 11.0, 12.0, 13.0, 13.0.1, 14.0, 14.0.1, 15.0, 15.0.1, 16.0, 16.0.1, 16.0.2, 17.0, 17.0.1, 17.0.2, 17.0.3, 17.0.4, 17.0.5, 17.0.6, 17.0.7, 17.0.8, 17.0.9, 17.0.10, 17.0.11, 18.0, 18.0.1, 18.0.2, 19.0, 19.0.1, 19.0.2, 20.0, 20.0.1, 21.0, 22.0, 23.0, 23.0.1, 24.0, 24.1, 24.1.0, 24.1.1, 24.2.0, 24.3.0, 24.4.0, 24.5.0, 24.6.0, 24.7.0, 24.8.0, 24.8.1, 25.0, 25.0.1, 26.0, 27.0, 27.0.1, 28.0, 29.0, 29.0.1, 30.0, 31.0, 31.1.0, 31.1.1, 31.2.0, 31.3.0, 31.4.0, 31.5.0, 31.5.2, 31.5.3, 31.6.0, 31.7.0, 31.8.0, 32.0, 32.0.1, 32.0.2, 32.0.3, 33.0, 33.0.1, 33.0.2, 33.0.3, 33.1, 33.1.1, 34.0, 34.0.5, 35.0, 35.0.1, 36.0, 36.0.1, 36.0.3, 36.0.4, 37.0, 37.0.1, 37.0.2, 38.0, 38.0.1, 38.0.5, 38.1.0, 38.1.1, 38.2.0, 38.2.1, 38.3.0, 38.4.0, 38.5.0, 38.5.1, 38.5.2, 38.6.0, 38.6.1, 38.7.0, 38.7.1, 38.8.0, 39.0, 39.0.3, 40.0, 40.0.2, 40.0.3, 41.0, 41.0.1, 41.0.2, 42.0, 43.0, 43.0.1, 43.0.2, 43.0.3, 43.0.4, 44.0, 44.0.1, 44.0.2, 45.0, 45.0.1, 45.0.2, 45.1.1, 45.2.0, 45.3.0, 45.4.0, 45.5.0, 45.5.1, 45.6.0, 45.7.0, 45.8.0, 45.9.0, 46.0, 46.0.1, 47.0, 47.0.1, 47.0.2, 48.0, 48.0.1, 48.0.2, 49.0, 49.0.1, 49.0.2, 50.0, 50.0.1, 50.0.2, 51.0, 51.0.1, 52.0, 52.0.1, 52.0.2, 52.1.0, 52.1.1, 52.1.2, 52.2.0, 52.2.1, 52.3.0, 52.4.0, 52.4.1, 52.5.0, 52.5.2, 52.5.3, 52.6.0, 52.7.0, 52.7.1, 52.7.2, 52.7.3, 52.7.4, 52.8.0, 52.8.1, 52.9.0, 53.0, 53.0.2, 53.0.3, 54.0, 54.0.1, 55.0, 55.0.1, 55.0.2, 55.0.3, 56.0, 56.0.1, 56.0.2, 57.0, 57.0.1, 57.0.2, 57.0.3, 57.0.4, 58.0, 58.0.1, 58.0.2, 59.0, 59.0.1, 59.0.2, 59.0.3, 60.0, 60.0.1, 60.0.2, 60.1.0, 60.2.0, 60.2.1, 60.2.2, 60.3.0, 60.4.0, 60.5.0, 61.0, 61.0.1, 61.0.2, 62.0, 62.0.2, 62.0.3, 63.0, 63.0.1, 63.0.3
MozillaFirefox Esr10.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.0.5, 10.0.6, 10.0.7, 10.0.8, 10.0.9, 10.0.10, 10.0.11, 10.0.12, 17.0, 17.0.1, 17.0.2, 17.0.3, 17.0.4, 17.0.5, 17.0.6, 17.0.7, 17.0.8, 17.0.9, 17.0.10, 17.0.11, 24.0, 24.0.1, 24.0.2, 24.1.0, 24.1.1, 24.2, 24.3, 24.4, 24.5, 24.6, 24.7, 24.8, 31.0, 31.1, 31.1.0, 31.1.1, 31.2, 31.3, 31.3.0, 31.4, 31.5, 31.5.1, 31.5.2, 31.5.3, 31.6, 31.8, 38.0, 38.0.1, 38.0.5, 38.1.0, 38.1.1, 38.2.0, 38.2.1, 38.3.0, 38.4.0, 38.5.0, 38.5.1, 38.5.2, 38.6.0, 38.6.1, 38.7.0, 38.7.1, 38.8.0, 45.0.2, 45.1.0, 45.1.1, 45.2.0, 45.3.0, 45.4.0, 45.5.0
MozillaThunderbird-, 0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 0.7.1, 0.7.2, 0.7.3, 0.8, 0.9, 1.0, 1.0.2, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.1, 1.5, 1.5.0.2, 1.5.0.4, 1.5.0.5, 1.5.0.7, 1.5.0.8, 1.5.0.9, 1.5.0.10, 1.5.0.12, 1.5.0.13, 1.5.0.14, 2.0, 2.0.0.0, 2.0.0.4, 2.0.0.5, 2.0.0.6, 2.0.0.9, 2.0.0.12, 2.0.0.14, 2.0.0.16, 2.0.0.17, 2.0.0.18, 2.0.0.19, 2.0.0.21, 2.0.0.22, 2.0.0.23, 2.0.0.24, 2.0.14, 3.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.1.13, 3.1.14, 3.1.15, 3.1.16, 3.1.17, 3.1.18, 3.1.19, 3.1.20, 3.3, 5.0, 6.0, 6.0.1, 6.0.2, 7.0, 7.0.1, 8.0, 9.0, 9.0.1, 10.0, 10.0.1, 10.0.2, 11.0, 11.0.1, 12.0, 12.0.1, 13.0, 13.0.1, 14.0, 15.0, 15.0.1, 16.0, 16.0.1, 16.0.2, 17.0, 17.0.2, 17.0.3, 17.0.4, 17.0.5, 17.0.6, 17.0.7, 17.0.8, 17.0.9, 17.0.10, 18.0, 19.0, 20.0, 21.0, 22.0, 23.0, 24.0, 24.0.1, 24.1.0, 24.1.1, 24.2.0, 24.3.0, 24.4.0, 24.5.0, 24.6.0, 24.7.0, 24.8.0, 24.8.1, 25.0, 26.0, 27.0, 28.0, 29.0, 30.0, 31.0, 31.1.0, 31.1.1, 31.1.2, 31.2.0, 31.3.0, 31.4.0, 31.5.0, 31.6.0, 31.7.0, 31.8.0, 32.0, 33.0, 34.0, 36.0, 37.0, 38.0, 38.0.1, 38.1.0, 38.2.0, 38.3.0, 38.4.0, 38.5.0, 38.5.1, 38.6.0, 38.7.0, 38.7.1, 38.7.2, 38.8.0, 40.0, 41.0, 42.0, 43.0, 44.0, 45.0, 45.1, 45.1.0, 45.1.1, 45.2, 45.2.0, 45.3.0, 45.4.0, 45.5.0, 45.5.1, 45.6.0, 45.7.0, 45.7.1, 45.8.0, 47.0, 49.0, 50.0, 51.0, 52.0, 52.0.1, 52.1.0, 52.1.1, 52.2.0, 52.2.1, 52.3.0, 52.4.0, 52.5.0, 52.5.2, 52.6.0, 52.7.0, 52.8.0, 52.9.0, 52.9.1, 53.0, 54.0, 55.0, 56.0, 57.0, 58.0, 59.0, 60.0, 60.2.1, 60.3.0
CanonicalUbuntu Linux14.04, 16.04, 18.04, 18.10
DebianDebian Linux8.0, 9.0
RedhatEnterprise Linux Desktop6.0, 7.0
RedhatEnterprise Linux Server6.0, 7.0
RedhatEnterprise Linux Server Aus7.6
RedhatEnterprise Linux Server Eus7.6
RedhatEnterprise Linux Server Tus7.6
RedhatEnterprise Linux Workstation6.0, 7.0

Vendor Advisories

Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem When the candidate has been publicized, the details for this candidate will be provided ...
A buffer overflow can occur in the Skia library use by Firefox &lt; 640, during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit ...
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
Several security issues were fixed in Thunderbird ...
Security vulnerabilities fixed in Thunderbird 604 Announced December 21, 2018 Impact critical Products Thunderbird Fixed in Thunderbird 604 ...
Security vulnerabilities fixed in Firefox ESR 604 Announced December 11, 2018 Impact critical Products Firefox ESR Fixed in Firefox ESR 604 ...
Arch Linux Security Advisory ASA-201812-9 ========================================= Severity: Critical Date : 2018-12-12 CVE-ID : CVE-2018-12405 CVE-2018-12406 CVE-2018-12407 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18495 CVE-2018-18497 Package : firefox Type : multiple issues Remote : Yes Li ...
Security vulnerabilities fixed in Firefox 64 Announced December 11, 2018 Impact critical Products Firefox Fixed in Firefox 64 ...
A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit This results in a potentially exploitable crash This vulnerability affects Thunderbird &lt; 604, Firefox ESR &lt; 604, and Firefox &lt; 64(CVE-2018-18493 ) A same- ...
Oracle Linux Bulletin - Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released These bu ...
Oracle Solaris Third Party Bulletin - January 2019 Description The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Criti ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2018-345-01) New mozilla-firefox packages are available for Slackware 142 and -current to fix security issues Here are the details from the Slackware 142 ChangeLog: +--------------------------+ patches/packages/mozilla-firefox-6040esr-i686-1_slack142 ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4354-1 security () debian org wwwdebianorg/security/ Moritz Muehlenhoff December 12, 2018 wwwdebianorg/security/faq ...

Github Repositories

BOTTOM novel - drama - learn - adobe - job - random - lecture_note clip studio blond character (background used in web official =&gt; cool, beauty!!!) learn node 2019 The UX notebook guru99 interview questions system fuzy wwwjournals4freecom/linkjsp?l=1286427 ADCAIJ: Advances in Distributed Computing and Artificial Intelligence Journal journal math science jou

References