VDB
CVE-2018-12371
CVE-2018-12371
PUBLISHED
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.1, Thunderbird < 60, and Firefox < 61.
EPSS 0.49% · 66.2th percentile
Risk Scores
EPSS Score
0.49%
66.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | firefox | *, 0, 60.0.2+build1-0ubuntu0.18.04.1 |
| Ubuntu:14.04:LTS | firefox | 32.0+build1-0ubuntu0.14.04.1, 32.0.3+build1-0ubuntu0.14.04.1, 33.0+build2-0ubuntu0.14.04.1 |
| Ubuntu:16.04:LTS | firefox | 48.0+build2-0ubuntu0.16.04.1, 49.0+build4-0ubuntu0.16.04.1, 49.0.2+build2-0ubuntu0.16.04.2 |
Exploit Intelligence
Timeline
- Jun 27, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-12371 third-party-advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12371 third-party-advisory
- https://ubuntu.com/security/notices/USN-3705-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-12371 third-party-advisory