1
PublicDateAtUSN: 2018-03-15
2
Candidate: CVE-2018-5145
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5145
6
https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
7
https://usn.ubuntu.com/usn/usn-3545-1
9
Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed
10
evidence of memory corruption and we presume that with enough effort that
11
some of these could be exploited to run arbitrary code. This vulnerability
12
affects Firefox ESR < 52.7 and Thunderbird < 52.7.
15
tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine
16
chrisccoulson> It's not clear whether this affects mozjs52, as the bugs are
17
still private and some aren't referenced by any changesets. The following
19
- https://bugzilla.mozilla.org/show_bug.cgi?id=1348955
23
Assigned-to: chrisccoulson
26
upstream_firefox: not-affected
27
precise/esm_firefox: DNE
28
trusty_firefox: not-affected
29
xenial_firefox: not-affected
30
artful_firefox: not-affected
31
bionic_firefox: not-affected
32
devel_firefox: not-affected
35
Priority_thunderbird: low
36
upstream_thunderbird: released (52.7.0)
37
precise/esm_thunderbird: DNE
38
trusty_thunderbird: released (1:52.7.0+build1-0ubuntu0.14.04.1)
39
xenial_thunderbird: released (1:52.7.0+build1-0ubuntu0.16.04.1)
40
artful_thunderbird: released (1:52.7.0+build1-0ubuntu0.17.10.1)
41
bionic_thunderbird: released (1:52.7.0+build1-0ubuntu1)
42
devel_thunderbird: released (1:52.7.0+build1-0ubuntu1)
45
upstream_mozjs38: needs-triage
46
precise/esm_mozjs38: DNE
49
artful_mozjs38: needs-triage
50
bionic_mozjs38: needs-triage
51
devel_mozjs38: needs-triage
54
upstream_mozjs52: needs-triage
55
precise/esm_mozjs52: DNE
58
artful_mozjs52: deferred
59
bionic_mozjs52: deferred
60
devel_mozjs52: deferred
63
upstream_firefox-esr: released (52.7.0esr-1)
64
precise/esm_firefox-esr: DNE
65
trusty_firefox-esr: DNE
66
xenial_firefox-esr: DNE
67
artful_firefox-esr: DNE
68
bionic_firefox-esr: DNE
69
devel_firefox-esr: DNE