PublicDateAtUSN: 2018-03-14
Candidate: CVE-2018-5125
PublicDate: 2018-06-11 21:29:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5125
 https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
 https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
 https://ubuntu.com/security/notices/USN-3596-1
 https://ubuntu.com/security/notices/USN-3545-1
 https://ubuntu.com/security/notices/USN-3688-1
Description:
 Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some
 of these bugs showed evidence of memory corruption and we presume that with
 enough effort that some of these could be exploited to run arbitrary code.
 This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and
 Firefox < 59.
Ubuntu-Description: 
Notes: 
 tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine
Bugs: 
Priority: medium
Discovered-by:
Assigned-to: chrisccoulson
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_firefox: 
upstream_firefox: released (59.0)
precise/esm_firefox: DNE
trusty_firefox: released (59.0+build5-0ubuntu0.14.04.1)
trusty/esm_firefox: DNE (trusty was released [59.0+build5-0ubuntu0.14.04.1])
xenial_firefox: released (59.0+build5-0ubuntu0.16.04.1)
esm-infra/xenial_firefox: released (59.0+build5-0ubuntu0.16.04.1)
artful_firefox: released (59.0+build5-0ubuntu0.17.10.1)
bionic_firefox: released (59.0.1+build1-0ubuntu1)
cosmic_firefox: released (59.0.1+build1-0ubuntu1)
disco_firefox: released (59.0.1+build1-0ubuntu1)
eoan_firefox: released (59.0.1+build1-0ubuntu1)
focal_firefox: released (59.0.1+build1-0ubuntu1)
groovy_firefox: released (59.0.1+build1-0ubuntu1)
hirsute_firefox: released (59.0.1+build1-0ubuntu1)
impish_firefox: released (59.0.1+build1-0ubuntu1)
jammy_firefox: released (59.0.1+build1-0ubuntu1)
devel_firefox: released (59.0.1+build1-0ubuntu1)

Patches_thunderbird:
Priority_thunderbird: low
upstream_thunderbird: released (52.7.0)
precise/esm_thunderbird: DNE
trusty_thunderbird: released (1:52.7.0+build1-0ubuntu0.14.04.1)
trusty/esm_thunderbird: DNE (trusty was released [1:52.7.0+build1-0ubuntu0.14.04.1])
xenial_thunderbird: released (1:52.7.0+build1-0ubuntu0.16.04.1)
esm-infra/xenial_thunderbird: released (1:52.7.0+build1-0ubuntu0.16.04.1)
artful_thunderbird: released (1:52.7.0+build1-0ubuntu0.17.10.1)
bionic_thunderbird: released (1:52.7.0+build1-0ubuntu1)
cosmic_thunderbird: released (1:52.7.0+build1-0ubuntu1)
disco_thunderbird: released (1:52.7.0+build1-0ubuntu1)
eoan_thunderbird: released (1:52.7.0+build1-0ubuntu1)
focal_thunderbird: released (1:52.7.0+build1-0ubuntu1)
groovy_thunderbird: released (1:52.7.0+build1-0ubuntu1)
hirsute_thunderbird: released (1:52.7.0+build1-0ubuntu1)
impish_thunderbird: released (1:52.7.0+build1-0ubuntu1)
jammy_thunderbird: released (1:52.7.0+build1-0ubuntu1)
devel_thunderbird: released (1:52.7.0+build1-0ubuntu1)

Patches_mozjs38:
upstream_mozjs38: needs-triage
precise/esm_mozjs38: DNE
trusty_mozjs38: DNE
trusty/esm_mozjs38: DNE
xenial_mozjs38: DNE
artful_mozjs38: ignored (reached end-of-life)
bionic_mozjs38: needs-triage
cosmic_mozjs38: DNE
disco_mozjs38: DNE
eoan_mozjs38: DNE
focal_mozjs38: DNE
groovy_mozjs38: DNE
hirsute_mozjs38: DNE
impish_mozjs38: DNE
jammy_mozjs38: DNE
devel_mozjs38: DNE

Patches_mozjs52:
upstream_mozjs52: released (52.7.0)
precise/esm_mozjs52: DNE
trusty_mozjs52: DNE
trusty/esm_mozjs52: DNE
xenial_mozjs52: DNE
artful_mozjs52: released (52.8.1-0ubuntu0.17.10.1)
bionic_mozjs52: released (52.8.1-0ubuntu0.18.04.1)
cosmic_mozjs52: ignored (reached end-of-life)
disco_mozjs52: ignored (reached end-of-life)
eoan_mozjs52: ignored (reached end-of-life)
focal_mozjs52: needed
groovy_mozjs52: ignored (reached end-of-life)
hirsute_mozjs52: DNE
impish_mozjs52: DNE
jammy_mozjs52: DNE
devel_mozjs52: DNE