CVE-2018-12385

Priority
Description
A potentially exploitable crash in TransportSecurityInfo used for SSL can
be triggered by data stored in the local cache in the user profile
directory. This issue is only exploitable in combination with another
vulnerability allowing an attacker to write data into the local cache or
from locally installed malware. This issue also triggers a non-exploitable
startup crash for users switching between the Nightly and Release versions
of Firefox if the same profile is used. This vulnerability affects
Thunderbird < 60.2.1, Firefox ESR < 60.2.1, and Firefox < 62.0.2.
Assigned-to
chrisccoulson
Package
Upstream:released (62.0.2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (62.0.3+build1-0ubuntu0.14.04.2)
Ubuntu 16.04 LTS (Xenial Xerus):released (62.0.3+build1-0ubuntu0.16.04.2)
Ubuntu 18.04 LTS (Bionic Beaver):released (62.0.3+build1-0ubuntu0.18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish):released (62.0.3+build1-0ubuntu1)
Package
Upstream:released (60.2.1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (1:60.2.1+build1-0ubuntu0.14.04.2)
Ubuntu 16.04 LTS (Xenial Xerus):released (1:60.2.1+build1-0ubuntu0.16.04.4)
Ubuntu 18.04 LTS (Bionic Beaver):released (1:60.2.1+build1-0ubuntu0.18.04.2)
Ubuntu 18.10 (Cosmic Cuttlefish):released (1:60.2.1+build1-0ubuntu1)
More Information

Updated: 2019-01-14 22:31:20 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)