{"id":"CVE-2018-12379","details":"When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox \u003c 62, Firefox ESR \u003c 60.2, and Thunderbird \u003c 60.2.1.","modified":"2026-04-16T06:15:26.781926975Z","published":"2018-10-18T13:29:05.307Z","related":["SUSE-SU-2018:2890-1","SUSE-SU-2018:3591-1","SUSE-SU-2018:3591-2","openSUSE-SU-2024:10600-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201810-01"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201811-13"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2018-25/"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/105280"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2692"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2693"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3458"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4327"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2018-20/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2018-21/"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1041610"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3403"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1473113"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.5"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"fixed":"60.2.0"}]},{"events":[{"introduced":"0"},{"fixed":"62.0"}]},{"events":[{"introduced":"0"},{"fixed":"60.2.1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-12379.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}