MGASA-2018-0420

Advisory lineage Upstream: 7 Downstream: 0

Upstream

CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 CVE-2018-12395 CVE-2018-12396

Published: 27 Oct 2018, 09:45

Last modified:16 Apr 2026, 06:24

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

27 Oct 2018, 09:45

Published

Vulnerability first disclosed

16 Apr 2026, 06:24

Last Modified

Vulnerability information updated

Description

Updated firefox packages fix security vulnerabilities Updated firefox packages fix security vulnerabilities: Mozilla: Memory safety bugs fixed in Firefox ESR 60.3 (CVE-2018-12389). Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 (CVE-2018-12390). Mozilla: Crash with nested event loops (CVE-2018-12392). Mozilla: Integer overflow during Unicode conversion while loading JavaScript (CVE-2018-12393). Mozilla: WebExtension bypass of domain restrictions through header rewriting (CVE-2018-12395). Mozilla: WebExtension content scripts can execute in disallowed contexts (CVE-2018-12396). Mozilla: WebExtension local file permission check bypass (CVE-2018-12397).

Affected Systems

mageia•firefox
< 60.3.0-1.mga6
mageia•firefox-l10n
< 60.3.0-1.mga6
mageia•nspr
< 4.20-1.mga6
mageia•nss
< 3.36.5-1.2.mga6
mageia•rootcerts
< 20181001.00-1.mga6

MGASA-2018-0420

Vulnerability Summary

Timeline

Description

Affected Systems

References (5)