| Una vulnerabilità potenziale è stato trovato in 32 bit costruisce dove un integer overflow durante la conversione di script per un UTF-16 rappresentazione interna potrebbe causare allocare un buffer troppo piccolo per la conversione. Questo porta a una possibile scrittura fuori dal campo. * Nota: a 64 bit si basa non sono vulnerabili a questo problema. *. Questa vulnerabilità interessa Firefox <63, Firefox ESR <60.3, e Thunderbird <60.3. |
| http://www.securityfocus.com/bid/105718 http://www.securityfocus.com/bid/105769 https://bugzilla.mozilla.org/show_bug.cgi?id=1495011 https://www.mozilla.org/security/advisories/mfsa2018-26/ https://www.mozilla.org/security/advisories/mfsa2018-27/ https://www.mozilla.org/security/advisories/mfsa2018-28/ https://www.debian.org/security/2018/dsa-4324 https://www.debian.org/security/2018/dsa-4337 https://security.gentoo.org/glsa/201811-04 https://security.gentoo.org/glsa/201811-13 https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html https://access.redhat.com/errata/RHSA-2018:3005 https://access.redhat.com/errata/RHSA-2018:3006 https://access.redhat.com/errata/RHSA-2018:3531 https://access.redhat.com/errata/RHSA-2018:3532 http://www.securitytracker.com/id/1041944 https://usn.ubuntu.com/3801-1/ https://usn.ubuntu.com/3868-1/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12393 |
Vulnerabilità: CVE-2018-12393
