When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2018-10-18T13:00:00
Updated: 2018-11-25T10:57:01
Reserved: 2018-06-14T00:00:00
Link: CVE-2018-12379
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-10-18T13:29:05.307
Modified: 2018-12-06T18:10:56.247
Link: CVE-2018-12379
JSON object: View
Redhat Information
No data.
CWE