CVE-2018-5144
Publication date 15 March 2018
Last updated 25 August 2025
Ubuntu priority
Description
An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| firefox | 18.04 LTS bionic |
Not affected
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Not in release | |
| firefox-esr | 18.04 LTS bionic | Not in release |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| thunderbird | 18.04 LTS bionic |
Fixed 1:52.7.0+build1-0ubuntu1
|
| 16.04 LTS xenial |
Fixed 1:52.7.0+build1-0ubuntu0.16.04.1
|
|
| 14.04 LTS trusty |
Fixed 1:52.7.0+build1-0ubuntu0.14.04.1
|
Notes
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.3 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | Low |
| Availability impact | Low |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
References
Related Ubuntu Security Notices (USN)
- USN-3545-1
- Thunderbird vulnerabilities
- 29 March 2018