説明
Multiple serious vulnerabilities were found in Mozilla Firefox and Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information.
Below is a complete list of vulnerabilities:
- Vulnerability related to TransportSecurityInfo can be exploited to cause denial of service;
- Vulnerability related to master password can be exploited to obtain sensitive information.
Technical details
Vulnerability (1) only affects Firefox ESR 60.
Vulnerability (2) affects Firefox 60 and Firefox ESR.
Vulnerability (1) only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware.
オリジナルアドバイザリー
エクスプロイテーション
Public exploits exist for this vulnerability.
関連製品
CVEリスト
- CVE-2018-12383 high
- CVE-2018-12385 high
も参照してください
お住まいの地域に広がる脆弱性の統計をご覧ください statistics.securelist.com
この脆弱性についての記述に不正確な点がありますか? お知らせください!