USN-3778-1
- Source
- https://ubuntu.com/security/notices/USN-3778-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3778-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/USN-3778-1
- Upstream
- Related
- Published
- 2018-10-03T13:41:08Z
- Modified
- 2026-02-10T04:41:26Z
- Summary
- firefox vulnerabilities
- Details
-
A crash was discovered in TransportSecurityInfo used for SSL, which could be triggered by data stored in the local cache directory. An attacker could potentially exploit this in combination with another vulnerability that allowed them to write data to the cache, to execute arbitrary code. (CVE-2018-12385)
A type confusion bug was discovered in JavaScript. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. (CVE-2018-12386)
It was discovered that the Array.prototype.push could leak memory addresses to the calling function in some circumstances. An attacker could exploit this in combination with another vulnerability to help execute arbitrary code. (CVE-2018-12387)
- References
Affected packages
Ubuntu:14.04:LTS / firefox
Package
- Name
- firefox
- Purl
- pkg:deb/ubuntu/firefox@62.0.3+build1-0ubuntu0.14.04.2?arch=source&distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed62.0.3+build1-0ubuntu0.14.04.2
Affected versions
24.*
24.0+build1-0ubuntu1
25.*
25.0+build3-0ubuntu0.13.10.1
28.*
28.0~b2+build1-0ubuntu2
28.0+build1-0ubuntu1
28.0+build2-0ubuntu1
28.0+build2-0ubuntu2
29.*
29.0+build1-0ubuntu0.14.04.2
30.*
30.0+build1-0ubuntu0.14.04.3
31.*
31.0+build1-0ubuntu0.14.04.1
32.*
32.0+build1-0ubuntu0.14.04.1
32.0.3+build1-0ubuntu0.14.04.1
33.*
33.0+build2-0ubuntu0.14.04.1
34.*
34.0+build2-0ubuntu0.14.04.1
35.*
35.0+build3-0ubuntu0.14.04.2
35.0.1+build1-0ubuntu0.14.04.1
36.*
36.0+build2-0ubuntu0.14.04.4
36.0.1+build2-0ubuntu0.14.04.1
36.0.4+build1-0ubuntu0.14.04.1
37.*
37.0+build2-0ubuntu0.14.04.1
37.0.1+build1-0ubuntu0.14.04.1
37.0.2+build1-0ubuntu0.14.04.1
38.*
38.0+build3-0ubuntu0.14.04.1
39.*
39.0+build5-0ubuntu0.14.04.1
39.0.3+build2-0ubuntu0.14.04.1
40.*
40.0+build4-0ubuntu0.14.04.1
40.0+build4-0ubuntu0.14.04.4
40.0.3+build1-0ubuntu0.14.04.1
41.*
41.0+build3-0ubuntu0.14.04.1
41.0.1+build2-0ubuntu0.14.04.1
41.0.2+build2-0ubuntu0.14.04.1
42.*
42.0+build2-0ubuntu0.14.04.1
43.*
43.0+build1-0ubuntu0.14.04.1
43.0.4+build3-0ubuntu0.14.04.1
44.*
44.0+build3-0ubuntu0.14.04.1
44.0.1+build2-0ubuntu0.14.04.1
44.0.2+build1-0ubuntu0.14.04.1
45.*
45.0+build2-0ubuntu0.14.04.1
45.0.1+build1-0ubuntu0.14.04.2
45.0.2+build1-0ubuntu0.14.04.1
46.*
46.0+build5-0ubuntu0.14.04.2
46.0.1+build1-0ubuntu0.14.04.3
47.*
47.0+build3-0ubuntu0.14.04.1
48.*
48.0+build2-0ubuntu0.14.04.1
49.*
49.0+build4-0ubuntu0.14.04.1
49.0.2+build2-0ubuntu0.14.04.1
50.*
50.0+build2-0ubuntu0.14.04.2
50.0.2+build1-0ubuntu0.14.04.1
50.1.0+build2-0ubuntu0.14.04.1
51.*
51.0.1+build2-0ubuntu0.14.04.1
51.0.1+build2-0ubuntu0.14.04.2
52.*
52.0+build2-0ubuntu0.14.04.1
52.0.1+build2-0ubuntu0.14.04.1
52.0.2+build1-0ubuntu0.14.04.1
53.*
53.0+build6-0ubuntu0.14.04.1
53.0.2+build1-0ubuntu0.14.04.2
53.0.3+build1-0ubuntu0.14.04.2
54.*
54.0+build3-0ubuntu0.14.04.1
55.*
55.0.1+build2-0ubuntu0.14.04.2
55.0.2+build1-0ubuntu0.14.04.1
56.*
56.0+build6-0ubuntu0.14.04.1
56.0+build6-0ubuntu0.14.04.2
57.*
57.0+build4-0ubuntu0.14.04.4
57.0+build4-0ubuntu0.14.04.5
57.0.1+build2-0ubuntu0.14.04.1
57.0.3+build1-0ubuntu0.14.04.1
57.0.4+build1-0ubuntu0.14.04.1
58.*
58.0+build6-0ubuntu0.14.04.1
58.0.1+build1-0ubuntu0.14.04.1
58.0.2+build1-0ubuntu0.14.04.1
59.*
59.0+build5-0ubuntu0.14.04.1
59.0.1+build1-0ubuntu0.14.04.1
59.0.2+build1-0ubuntu0.14.04.1
59.0.2+build1-0ubuntu0.14.04.4
60.*
60.0+build2-0ubuntu0.14.04.1
60.0.1+build2-0ubuntu0.14.04.1
60.0.2+build1-0ubuntu0.14.04.1
61.*
61.0+build3-0ubuntu0.14.04.2
61.0.1+build1-0ubuntu0.14.04.1
62.*
62.0+build2-0ubuntu0.14.04.3
62.0+build2-0ubuntu0.14.04.4
62.0+build2-0ubuntu0.14.04.5
Ecosystem specific
{
"binaries": [
{
"binary_version": "62.0.3+build1-0ubuntu0.14.04.2",
"binary_name": "firefox"
},
{
"binary_version": "62.0.3+build1-0ubuntu0.14.04.2",
"binary_name": "firefox-dev"
},
{
"binary_version": "62.0.3+build1-0ubuntu0.14.04.2",
"binary_name": "firefox-globalmenu"
},
{
"binary_version": "62.0.3+build1-0ubuntu0.14.04.2",
"binary_name": "firefox-mozsymbols"
},
{
"binary_version": "62.0.3+build1-0ubuntu0.14.04.2",
"binary_name": "firefox-testsuite"
}
],
"availability": "No subscription required"
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:14.04:LTS",
"cves": [
{
"id": "CVE-2018-12385",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2018-12386",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2018-12387",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
]
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3778-1.json"
Ubuntu:16.04:LTS / firefox
Package
- Name
- firefox
- Purl
- pkg:deb/ubuntu/firefox@62.0.3+build1-0ubuntu0.16.04.2?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed62.0.3+build1-0ubuntu0.16.04.2
Affected versions
41.*
41.0.2+build2-0ubuntu1
42.*
42.0+build2-0ubuntu1
44.*
44.0+build3-0ubuntu2
44.0.1+build1-0ubuntu1
44.0.2+build1-0ubuntu1
45.*
45.0+build2-0ubuntu1
45.0.1+build1-0ubuntu1
45.0.2+build1-0ubuntu1
46.*
46.0+build5-0ubuntu0.16.04.2
46.0.1+build1-0ubuntu0.16.04.2
47.*
47.0+build3-0ubuntu0.16.04.1
48.*
48.0+build2-0ubuntu0.16.04.1
49.*
49.0+build4-0ubuntu0.16.04.1
49.0.2+build2-0ubuntu0.16.04.2
50.*
50.0+build2-0ubuntu0.16.04.2
50.0.2+build1-0ubuntu0.16.04.1
50.1.0+build2-0ubuntu0.16.04.1
51.*
51.0.1+build2-0ubuntu0.16.04.1
51.0.1+build2-0ubuntu0.16.04.2
52.*
52.0+build2-0ubuntu0.16.04.1
52.0.1+build2-0ubuntu0.16.04.1
52.0.2+build1-0ubuntu0.16.04.1
53.*
53.0+build6-0ubuntu0.16.04.1
53.0.2+build1-0ubuntu0.16.04.2
53.0.3+build1-0ubuntu0.16.04.2
54.*
54.0+build3-0ubuntu0.16.04.1
55.*
55.0.1+build2-0ubuntu0.16.04.2
55.0.2+build1-0ubuntu0.16.04.1
56.*
56.0+build6-0ubuntu0.16.04.1
56.0+build6-0ubuntu0.16.04.2
57.*
57.0+build4-0ubuntu0.16.04.5
57.0+build4-0ubuntu0.16.04.6
57.0.1+build2-0ubuntu0.16.04.1
57.0.3+build1-0ubuntu0.16.04.1
57.0.4+build1-0ubuntu0.16.04.1
58.*
58.0+build6-0ubuntu0.16.04.1
58.0.1+build1-0ubuntu0.16.04.1
58.0.2+build1-0ubuntu0.16.04.1
59.*
59.0+build5-0ubuntu0.16.04.1
59.0.1+build1-0ubuntu0.16.04.1
59.0.2+build1-0ubuntu0.16.04.1
59.0.2+build1-0ubuntu0.16.04.3
60.*
60.0+build2-0ubuntu0.16.04.1
60.0.1+build2-0ubuntu0.16.04.1
60.0.2+build1-0ubuntu0.16.04.1
61.*
61.0+build3-0ubuntu0.16.04.2
61.0.1+build1-0ubuntu0.16.04.1
62.*
62.0+build2-0ubuntu0.16.04.3
62.0+build2-0ubuntu0.16.04.4
62.0+build2-0ubuntu0.16.04.5
Ecosystem specific
{
"binaries": [
{
"binary_version": "62.0.3+build1-0ubuntu0.16.04.2",
"binary_name": "firefox"
},
{
"binary_version": "62.0.3+build1-0ubuntu0.16.04.2",
"binary_name": "firefox-dev"
},
{
"binary_version": "62.0.3+build1-0ubuntu0.16.04.2",
"binary_name": "firefox-globalmenu"
},
{
"binary_version": "62.0.3+build1-0ubuntu0.16.04.2",
"binary_name": "firefox-mozsymbols"
},
{
"binary_version": "62.0.3+build1-0ubuntu0.16.04.2",
"binary_name": "firefox-testsuite"
}
],
"availability": "No subscription required"
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:16.04:LTS",
"cves": [
{
"id": "CVE-2018-12385",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2018-12386",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2018-12387",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
]
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3778-1.json"
Ubuntu:18.04:LTS / firefox
Package
- Name
- firefox
- Purl
- pkg:deb/ubuntu/firefox@62.0.3+build1-0ubuntu0.18.04.1?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed62.0.3+build1-0ubuntu0.18.04.1
Affected versions
56.*
56.0+build6-0ubuntu1
57.*
57.0.1+build2-0ubuntu1
59.*
59.0.1+build1-0ubuntu1
59.0.2+build1-0ubuntu1
60.*
60.0+build2-0ubuntu1
60.0.1+build2-0ubuntu0.18.04.1
60.0.2+build1-0ubuntu0.18.04.1
61.*
61.0+build3-0ubuntu0.18.04.1
61.0.1+build1-0ubuntu0.18.04.1
62.*
62.0+build2-0ubuntu0.18.04.3
62.0+build2-0ubuntu0.18.04.4
62.0+build2-0ubuntu0.18.04.5
Ecosystem specific
{
"binaries": [
{
"binary_version": "62.0.3+build1-0ubuntu0.18.04.1",
"binary_name": "firefox"
},
{
"binary_version": "62.0.3+build1-0ubuntu0.18.04.1",
"binary_name": "firefox-dev"
},
{
"binary_version": "62.0.3+build1-0ubuntu0.18.04.1",
"binary_name": "firefox-globalmenu"
},
{
"binary_version": "62.0.3+build1-0ubuntu0.18.04.1",
"binary_name": "firefox-mozsymbols"
},
{
"binary_version": "62.0.3+build1-0ubuntu0.18.04.1",
"binary_name": "firefox-testsuite"
}
],
"availability": "No subscription required"
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:18.04:LTS",
"cves": [
{
"id": "CVE-2018-12385",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2018-12386",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2018-12387",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
]
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3778-1.json"