QwikSec

Security Database

CVE

CWE

Training

CVE-2018-12385

Published: Oct 18, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird < 60.2.1, Firefox ESR < 60.2.1, and Firefox < 62.0.2.

Vendor	Product	Versions
Mozilla	Thunderbird	affected `unspecified - < 60.2.1`
Mozilla	Firefox ESR	affected `unspecified - < 60.2.1`
Mozilla	Firefox	affected `unspecified - < 62.0.2`

References

vendor-advisory

x_refsource_GENTOO

vdb-entry

x_refsource_BID

[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_GENTOO

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_DEBIAN

vdb-entry

x_refsource_SECTRACK

https://www.mozilla.org/security/advisories/mfsa2018-23/

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vdb-entry

x_refsource_SECTRACK

vendor-advisory

x_refsource_REDHAT

https://www.mozilla.org/security/advisories/mfsa2018-22/

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_UBUNTU

https://www.mozilla.org/security/advisories/mfsa2018-25/

x_refsource_CONFIRM

https://bugzilla.mozilla.org/show_bug.cgi?id=1490585

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.