The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

vulnerability note CVE-2018-12385

Firefox, Thunderbird: denial of service via TransportSecurityInfo

Synthesis of the vulnerability

An attacker can generate a fatal error via TransportSecurityInfo of Firefox/Thunderbird, in order to trigger a denial of service.
Vulnerable products: Debian, Fedora, Firefox, Thunderbird, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity of this weakness: 2/4.
Consequences of a hack: denial of service on client.
Hacker's origin: document.
Creation date: 24/09/2018.
Références of this bulletin: bulletinjan2019, CERTFR-2018-AVI-451, CERTFR-2018-AVI-469, CVE-2018-12385, DLA-1575-1, DSA-4304-1, DSA-4327-1, FEDORA-2018-3eed69eedc, FEDORA-2018-5f88837c1b, FEDORA-2018-a78cf5fcfc, FEDORA-2018-d64cb04921, MFSA-2018-23, MFSA-2018-25, openSUSE-SU-2018:2817-1, openSUSE-SU-2018:3051-1, openSUSE-SU-2018:3687-1, RHSA-2018:2834-01, RHSA-2018:2835-01, RHSA-2018:3403-01, RHSA-2018:3458-01, SSA:2018-265-01, SUSE-SU-2018:3247-1, SUSE-SU-2018:3476-1, SUSE-SU-2018:3591-1, SUSE-SU-2018:3591-2, USN-3778-1, USN-3793-1, VIGILANCE-VUL-27294.

Description of the vulnerability

An attacker can generate a fatal error via TransportSecurityInfo of Firefox/Thunderbird, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides systems vulnerabilities bulletins. The technology watch team tracks security threats targeting the computer system. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.