A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
2018-06-11T21:29:09.453
2024-11-21T03:32:40.307
Modified
CVSSv3.0: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Operating System | debian | debian_linux | 8.0 | Yes |
Operating System | debian | debian_linux | 9.0 | Yes |
Operating System | redhat | enterprise_linux | 5.0 | Yes |
Operating System | redhat | enterprise_linux | 6.0 | Yes |
Operating System | redhat | enterprise_linux | 7.0 | Yes |
Operating System | redhat | enterprise_linux_desktop | 5.0 | Yes |
Operating System | redhat | enterprise_linux_desktop | 6.0 | Yes |
Operating System | redhat | enterprise_linux_desktop | 7.0 | Yes |
Operating System | redhat | enterprise_linux_server | 5.0 | Yes |
Operating System | redhat | enterprise_linux_server | 6.0 | Yes |
Operating System | redhat | enterprise_linux_server | 7.0 | Yes |
Operating System | redhat | enterprise_linux_server_aus | 7.3 | Yes |
Operating System | redhat | enterprise_linux_server_aus | 7.4 | Yes |
Operating System | redhat | enterprise_linux_server_eus | 7.3 | Yes |
Operating System | redhat | enterprise_linux_server_eus | 7.4 | Yes |
Operating System | redhat | enterprise_linux_server_eus | 7.5 | Yes |
Operating System | redhat | enterprise_linux_workstation | 5.0 | Yes |
Operating System | redhat | enterprise_linux_workstation | 6.0 | Yes |
Operating System | redhat | enterprise_linux_workstation | 7.0 | Yes |
Application | mozilla | thunderbird | < 52.3.0 | Yes |
Application | mozilla | firefox | < 55.0 | Yes |
Application | mozilla | firefox_esr | < 52.3.0 | Yes |