Executive Summary

Informations
NameCVE-2018-18505First vendor Publication2019-02-05
VendorCveLast vendor Modification2019-10-02

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score7.5Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18505

CWE : Common Weakness Enumeration

%idName
100 %CWE-287Improper Authentication

CPE : Common Platform Enumeration

TypeDescriptionCount
Application410
Application119
Application346
Application1
Os4
Os2
Os2
Os2
Os1
Os1
Os1
Os2

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/106781
CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=1087565
https://www.mozilla.org/security/advisories/mfsa2019-01/
https://www.mozilla.org/security/advisories/mfsa2019-02/
https://www.mozilla.org/security/advisories/mfsa2019-03/
DEBIAN https://www.debian.org/security/2019/dsa-4376
https://www.debian.org/security/2019/dsa-4392
GENTOO https://security.gentoo.org/glsa/201903-04
https://security.gentoo.org/glsa/201904-07
MLIST https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html
https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html
REDHAT https://access.redhat.com/errata/RHSA-2019:0218
https://access.redhat.com/errata/RHSA-2019:0219
https://access.redhat.com/errata/RHSA-2019:0269
https://access.redhat.com/errata/RHSA-2019:0270
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html
UBUNTU https://usn.ubuntu.com/3874-1/
https://usn.ubuntu.com/3897-1/

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
DateInformations
2019-10-03 09:21:02
  • Multiple Updates
2019-07-24 21:19:25
  • Multiple Updates
2019-07-20 17:19:13
  • Multiple Updates
2019-04-02 13:18:55
  • Multiple Updates
2019-03-13 21:19:49
  • Multiple Updates
2019-03-11 13:18:58
  • Multiple Updates
2019-02-27 21:19:51
  • Multiple Updates
2019-02-27 17:19:11
  • Multiple Updates
2019-02-23 09:19:20
  • Multiple Updates
2019-02-06 17:19:17
  • Multiple Updates
2019-02-06 00:18:56
  • First insertion