CVE-2018-12361
thunderbird - security update
CVSS 3.1: 8.8 (HIGH)
EPSS: 1.1%
Description
An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized, which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.
How to fix CVE-2018-12361
To remediate CVE-2018-12361, upgrade the affected package to a fixed version below.
- upgrade to 1:60.0-1 or later
- upgrade to 1:60.0-3~deb9u1 or later
Is CVE-2018-12361 being exploited?
Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1:60.0-1
- from 0, < 1:60.0-3~deb9u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |