PublicDateAtUSN: 2018-03-15
Candidate: CVE-2018-5144
PublicDate: 2018-06-11 21:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5144
 https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
 https://ubuntu.com/security/notices/USN-3545-1
Description:
 An integer overflow can occur during conversion of text to some Unicode
 character sets due to an unchecked length parameter. This vulnerability
 affects Firefox ESR < 52.7 and Thunderbird < 52.7.
Ubuntu-Description:
Notes:
 chrisccoulson> Affects ESR52 only
Bugs:
Priority: medium
Discovered-by:
Assigned-to: chrisccoulson
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L [7.3 HIGH]

Patches_firefox:
upstream_firefox: not-affected
precise/esm_firefox: DNE
trusty_firefox: not-affected
trusty/esm_firefox: DNE (trusty was not-affected)
xenial_firefox: not-affected
esm-infra/xenial_firefox: not-affected
artful_firefox: not-affected
bionic_firefox: not-affected
devel_firefox: not-affected

Patches_thunderbird:
Priority_thunderbird: low
upstream_thunderbird: released (52.7.0)
precise/esm_thunderbird: DNE
trusty_thunderbird: released (1:52.7.0+build1-0ubuntu0.14.04.1)
trusty/esm_thunderbird: DNE (trusty was released [1:52.7.0+build1-0ubuntu0.14.04.1])
xenial_thunderbird: released (1:52.7.0+build1-0ubuntu0.16.04.1)
esm-infra/xenial_thunderbird: released (1:52.7.0+build1-0ubuntu0.16.04.1)
artful_thunderbird: released (1:52.7.0+build1-0ubuntu0.17.10.1)
bionic_thunderbird: released (1:52.7.0+build1-0ubuntu1)
devel_thunderbird: released (1:52.7.0+build1-0ubuntu1)

Patches_firefox-esr:
upstream_firefox-esr: released (52.7.0esr-1)
precise/esm_firefox-esr: DNE
trusty_firefox-esr: DNE
trusty/esm_firefox-esr: DNE
xenial_firefox-esr: DNE
artful_firefox-esr: DNE
bionic_firefox-esr: DNE
devel_firefox-esr: DNE