← Volver a CVEs
CVE-2018-12371
HIGH8.8
Descripcion
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.1, Thunderbird < 60, and Firefox < 61.
Detalles CVE
Puntuacion CVSS v3.18.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado7/9/2020
Ultima modificacion11/25/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
mozilla:firefoxmozilla:thunderbird
Debilidades (CWE)
CWE-190
Referencias
https://bugzilla.mozilla.org/show_bug.cgi?id=1465686(security@mozilla.org)
https://www.mozilla.org/security/advisories/mfsa2018-15/(security@mozilla.org)
https://www.mozilla.org/security/advisories/mfsa2018-16/(security@mozilla.org)
https://www.mozilla.org/security/advisories/mfsa2018-19/(security@mozilla.org)
https://bugzilla.mozilla.org/show_bug.cgi?id=1465686(af854a3a-2127-422b-91ae-364da2661108)
https://www.mozilla.org/security/advisories/mfsa2018-15/(af854a3a-2127-422b-91ae-364da2661108)
https://www.mozilla.org/security/advisories/mfsa2018-16/(af854a3a-2127-422b-91ae-364da2661108)
https://www.mozilla.org/security/advisories/mfsa2018-19/(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.