CVE-2018-12385 : What You Need to Know

Learn about CVE-2018-12385, a vulnerability in Thunderbird and Firefox that triggers a crash in SSL functionality due to cached data. Find out how to mitigate this issue and protect your systems.

A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird < 60.2.1, Firefox ESR < 60.2.1, and Firefox < 62.0.2.

Understanding CVE-2018-12385

This CVE involves a crash in TransportSecurityInfo due to cached data.

What is CVE-2018-12385?

The vulnerability allows for a crash in TransportSecurityInfo due to data stored in the local cache, impacting Thunderbird, Firefox ESR, and Firefox.

The Impact of CVE-2018-12385

The vulnerability can lead to a crash in SSL functionality, potentially triggered by malicious data stored in the local cache.

Technical Details of CVE-2018-12385

This section provides more technical insights into the CVE.

Vulnerability Description

        Data stored in the local cache in the user profile directory can trigger a potentially exploitable crash in TransportSecurityInfo, which is used for SSL.

Affected Systems and Versions

        Thunderbird versions prior to 60.2.1
        Firefox ESR versions prior to 60.2.1
        Firefox versions prior to 62.0.2
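
The version thresholds above as a fleet check. This is an added example, not part of the original advisory or any vendor tooling. The input format ("<product> <version>", with an "esr" suffix marking Firefox ESR) and the sample lines are assumptions. ESR builds are compared against 60.2.1, not the release-channel 62.0.2.

```python
import re

# Fixed versions stated on this page, keyed by (product, is_esr).
FIXED = {
    ("thunderbird", False): (60, 2, 1),
    ("firefox", True): (60, 2, 1),   # Firefox ESR
    ("firefox", False): (62, 0, 2),  # Firefox release channel
}

# Assumed input format: "<product> <dotted version>[esr]", e.g. "Firefox 60.2.0esr".
_LINE = re.compile(
    r"\b(firefox|thunderbird)\s+(\d+(?:\.\d+){0,2})(esr)?(\S*)", re.IGNORECASE
)

def check(line):
    """Return 'affected', 'fixed' or 'unknown' for one inventory line."""
    m = _LINE.search(line)
    if not m:
        return "unknown"
    product, version, esr, rest = m.groups()
    # Pre-release tags such as "64.0a1" (Nightly) are not ordered by this
    # check; report them as unknown instead of guessing.
    if rest:
        return "unknown"
    key = (product.lower(), bool(esr))
    if key not in FIXED:  # e.g. a Thunderbird string tagged "esr"
        return "unknown"
    parts = tuple(int(p) for p in version.split("."))
    parts += (0,) * (3 - len(parts))  # "62.0" compares as 62.0.0
    return "affected" if parts < FIXED[key] else "fixed"

def audit(lines):
    """Map each inventory line to its status."""
    return {line: check(line) for line in lines}

# Constructed sample inventory, not taken from any real host.
SAMPLE = [
    "Mozilla Firefox 62.0.1",
    "Mozilla Firefox 60.2.1esr",
    "Mozilla Firefox 64.0a1",
    "Thunderbird 60.0",
]

if __name__ == "__main__":
    for line, status in audit(SAMPLE).items():
        print(f"{status:9} {line}")
```

Lines reported as unknown need manual review; they are not confirmed as fixed.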

Exploitation Mechanism

        Exploitation requires either another vulnerability that allows an attacker to write data into the local cache, or locally installed malware.
        The issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used.

Mitigation and Prevention

Protecting systems from the CVE is crucial.

Immediate Steps to Take

        Update Thunderbird and Firefox ESR to version 60.2.1 or later, and Firefox to version 62.0.2 or later.
        Implement security measures to prevent unauthorized writes to the local cache in the user profile directory.

Long-Term Security Practices

        Regularly update software to patch known vulnerabilities.
        Educate users on safe browsing practices and avoiding malware.

Patching and Updates

        Stay informed about security advisories and apply patches promptly.
