{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2018-12388","title":"Title"},{"category":"description","text":"Mozilla developers and community members reported memory safety bugs present in Firefox 62. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2018-12388","url":"https://www.suse.com/security/cve/CVE-2018-12388"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1112852 for CVE-2018-12388","url":"https://bugzilla.suse.com/1112852"},{"category":"external","summary":"Advisory link for openSUSE-SU-2024:14572-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3HI2RC7AJAHY74Q6MK7GNGWU6TITB22V/"}],"title":"SUSE CVE CVE-2018-12388","tracking":{"current_release_date":"2025-12-14T02:35:10Z","generator":{"date":"2023-02-15T04:26:38Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2018-12388","initial_release_date":"2023-02-15T04:26:38Z","revision_history":[{"date":"2023-02-15T04:26:38Z","number":"2","summary":"Current version"},{"date":"2024-12-13T02:18:26Z","number":"3","summary":"Current version"},{"date":"2024-12-21T04:00:52Z","number":"4","summary":"Current version"},{"date":"2025-01-01T07:36:24Z","number":"5","summary":"Current version"},{"date":"2025-01-10T04:00:30Z","number":"6","summary":"Current version"},{"date":"2025-03-14T04:00:24Z","number":"7","summary":"Current version"},{"date":"2025-03-15T12:04:37Z","number":"8","summary":"Current version"},{"date":"2025-04-25T06:59:51Z","number":"9","summary":"Current version"},{"date":"2025-05-01T06:30:02Z","number":"10","summary":"Current version"},{"date":"2025-06-27T01:19:25Z","number":"11","summary":"Current version"},{"date":"2025-07-01T02:15:26Z","number":"12","summary":"Current version"},{"date":"2025-09-07T00:09:28Z","number":"13","summary":"Current version"},{"date":"2025-12-14T02:35:10Z","number":"14","summary":"unknown changes"}],"status":"interim","version":"14"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Server 11 SP1 for Teradata","product":{"name":"SUSE Linux Enterprise Server 11 SP1 for Teradata","product_id":"SUSE Linux Enterprise Server 11 SP1 for Teradata","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sles_teradata:11:sp1"}}},{"category":"product_name","name":"openSUSE Tumbleweed","product":{"name":"openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed","product_identification_helper":{"cpe":"cpe:/o:opensuse:tumbleweed"}}},{"category":"product_version","name":"MozillaFirefox","product":{"name":"MozillaFirefox","product_id":"MozillaFirefox","product_identification_helper":{"cpe":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/MozillaFirefox@?upstream=MozillaFirefox.src.rpm"}}},{"category":"product_version","name":"MozillaFirefox-92.0-1.2","product":{"name":"MozillaFirefox-92.0-1.2","product_id":"MozillaFirefox-92.0-1.2","product_identification_helper":{"cpe":"cpe:2.3:a:mozilla:firefox:92.0:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/MozillaFirefox@92.0-1.2?upstream=MozillaFirefox-92.0-1.2.src.rpm"}}},{"category":"product_version","name":"MozillaFirefox-branding-upstream-92.0-1.2","product":{"name":"MozillaFirefox-branding-upstream-92.0-1.2","product_id":"MozillaFirefox-branding-upstream-92.0-1.2","product_identification_helper":{"cpe":"cpe:2.3:a:mozilla:firefox:92.0:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/MozillaFirefox-branding-upstream@92.0-1.2?upstream=MozillaFirefox-92.0-1.2.src.rpm"}}},{"category":"product_version","name":"MozillaFirefox-devel-92.0-1.2","product":{"name":"MozillaFirefox-devel-92.0-1.2","product_id":"MozillaFirefox-devel-92.0-1.2","product_identification_helper":{"cpe":"cpe:2.3:a:mozilla:firefox:92.0:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/MozillaFirefox-devel@92.0-1.2?upstream=MozillaFirefox-92.0-1.2.src.rpm"}}},{"category":"product_version","name":"MozillaFirefox-translations-common-92.0-1.2","product":{"name":"MozillaFirefox-translations-common-92.0-1.2","product_id":"MozillaFirefox-translations-common-92.0-1.2","product_identification_helper":{"cpe":"cpe:2.3:a:mozilla:firefox:92.0:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/MozillaFirefox-translations-common@92.0-1.2?upstream=MozillaFirefox-92.0-1.2.src.rpm"}}},{"category":"product_version","name":"MozillaFirefox-translations-other-92.0-1.2","product":{"name":"MozillaFirefox-translations-other-92.0-1.2","product_id":"MozillaFirefox-translations-other-92.0-1.2","product_identification_helper":{"cpe":"cpe:2.3:a:mozilla:firefox:92.0:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/MozillaFirefox-translations-other@92.0-1.2?upstream=MozillaFirefox-92.0-1.2.src.rpm"}}},{"category":"product_version","name":"firefox-esr-128.5.1-1.1","product":{"name":"firefox-esr-128.5.1-1.1","product_id":"firefox-esr-128.5.1-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/firefox-esr@128.5.1-1.1"}}},{"category":"product_version","name":"firefox-esr-branding-upstream-128.5.1-1.1","product":{"name":"firefox-esr-branding-upstream-128.5.1-1.1","product_id":"firefox-esr-branding-upstream-128.5.1-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/firefox-esr-branding-upstream@128.5.1-1.1"}}},{"category":"product_version","name":"firefox-esr-translations-common-128.5.1-1.1","product":{"name":"firefox-esr-translations-common-128.5.1-1.1","product_id":"firefox-esr-translations-common-128.5.1-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/firefox-esr-translations-common@128.5.1-1.1"}}},{"category":"product_version","name":"firefox-esr-translations-other-128.5.1-1.1","product":{"name":"firefox-esr-translations-other-128.5.1-1.1","product_id":"firefox-esr-translations-other-128.5.1-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/firefox-esr-translations-other@128.5.1-1.1"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"MozillaFirefox-92.0-1.2 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2"},"product_reference":"MozillaFirefox-92.0-1.2","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"MozillaFirefox-branding-upstream-92.0-1.2 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2"},"product_reference":"MozillaFirefox-branding-upstream-92.0-1.2","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"MozillaFirefox-devel-92.0-1.2 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2"},"product_reference":"MozillaFirefox-devel-92.0-1.2","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"MozillaFirefox-translations-common-92.0-1.2 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2"},"product_reference":"MozillaFirefox-translations-common-92.0-1.2","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"MozillaFirefox-translations-other-92.0-1.2 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2"},"product_reference":"MozillaFirefox-translations-other-92.0-1.2","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"firefox-esr-128.5.1-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:firefox-esr-128.5.1-1.1"},"product_reference":"firefox-esr-128.5.1-1.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"firefox-esr-branding-upstream-128.5.1-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:firefox-esr-branding-upstream-128.5.1-1.1"},"product_reference":"firefox-esr-branding-upstream-128.5.1-1.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"firefox-esr-translations-common-128.5.1-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:firefox-esr-translations-common-128.5.1-1.1"},"product_reference":"firefox-esr-translations-common-128.5.1-1.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"firefox-esr-translations-other-128.5.1-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:firefox-esr-translations-other-128.5.1-1.1"},"product_reference":"firefox-esr-translations-other-128.5.1-1.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"MozillaFirefox as component of SLES for SAP Applications 11 SP3","product_id":"SLES for SAP Applications 11 SP3:MozillaFirefox"},"product_reference":"MozillaFirefox","relates_to_product_reference":"SLES for SAP Applications 11 SP3"},{"category":"default_component_of","full_product_name":{"name":"MozillaFirefox as component of SUSE Linux Enterprise Server 11 SP1 for Teradata","product_id":"SUSE Linux Enterprise Server 11 SP1 for Teradata:MozillaFirefox"},"product_reference":"MozillaFirefox","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP1 for Teradata"},{"category":"default_component_of","full_product_name":{"name":"MozillaFirefox as component of SUSE Linux Enterprise Server 11 SP3 LTSS","product_id":"SUSE Linux Enterprise Server 11 SP3 LTSS:MozillaFirefox"},"product_reference":"MozillaFirefox","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP3 LTSS"},{"category":"default_component_of","full_product_name":{"name":"MozillaFirefox as component of SUSE Linux Enterprise Server 11 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox"},"product_reference":"MozillaFirefox","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP4-LTSS"},{"category":"default_component_of","full_product_name":{"name":"MozillaFirefox-translations-common as component of SUSE Linux Enterprise Server 11 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-common"},"product_reference":"MozillaFirefox-translations-common","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP4-LTSS"},{"category":"default_component_of","full_product_name":{"name":"MozillaFirefox-translations-other as component of SUSE Linux Enterprise Server 11 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-other"},"product_reference":"MozillaFirefox-translations-other","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP4-LTSS"},{"category":"default_component_of","full_product_name":{"name":"MozillaFirefox as component of SUSE Linux Enterprise Server for SAP Applications 12","product_id":"SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox"},"product_reference":"MozillaFirefox","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12"},{"category":"default_component_of","full_product_name":{"name":"MozillaFirefox-devel as component of SUSE Linux Enterprise Server 11 SP4","product_id":"SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-devel"},"product_reference":"MozillaFirefox-devel","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"MozillaFirefox as component of SUSE Linux Enterprise Server 11 SP4","product_id":"SUSE Linux Enterprise Server 11 SP4:MozillaFirefox"},"product_reference":"MozillaFirefox","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"MozillaFirefox-devel as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-devel"},"product_reference":"MozillaFirefox-devel","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"MozillaFirefox as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox"},"product_reference":"MozillaFirefox","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"MozillaFirefox-devel as component of SUSE Linux Enterprise Desktop 11 SP4","product_id":"SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-devel"},"product_reference":"MozillaFirefox-devel","relates_to_product_reference":"SUSE Linux Enterprise Desktop 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"MozillaFirefox as component of SUSE Linux Enterprise Desktop 11 SP4","product_id":"SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox"},"product_reference":"MozillaFirefox","relates_to_product_reference":"SUSE Linux Enterprise Desktop 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"MozillaFirefox-devel as component of SUSE Linux Enterprise Software Development Kit 11 SP4","product_id":"SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox-devel"},"product_reference":"MozillaFirefox-devel","relates_to_product_reference":"SUSE Linux Enterprise Software Development Kit 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"MozillaFirefox as component of SUSE Linux Enterprise Software Development Kit 11 SP4","product_id":"SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox"},"product_reference":"MozillaFirefox","relates_to_product_reference":"SUSE Linux Enterprise Software Development Kit 11 SP4"}]},"vulnerabilities":[{"cve":"CVE-2018-12388","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-12388"}],"notes":[{"category":"general","text":"Mozilla developers and community members reported memory safety bugs present in Firefox 62. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63.","title":"CVE description"}],"product_status":{"known_affected":["SUSE Linux Enterprise Server 11 SP1 for Teradata:MozillaFirefox"],"recommended":["openSUSE Tumbleweed:MozillaFirefox-92.0-1.2","openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2","openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2","openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2","openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2","openSUSE Tumbleweed:firefox-esr-128.5.1-1.1","openSUSE Tumbleweed:firefox-esr-branding-upstream-128.5.1-1.1","openSUSE Tumbleweed:firefox-esr-translations-common-128.5.1-1.1","openSUSE Tumbleweed:firefox-esr-translations-other-128.5.1-1.1"]},"references":[{"category":"external","summary":"CVE-2018-12388","url":"https://www.suse.com/security/cve/CVE-2018-12388"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1112852 for CVE-2018-12388","url":"https://bugzilla.suse.com/1112852"},{"category":"external","summary":"Advisory link for openSUSE-SU-2024:14572-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3HI2RC7AJAHY74Q6MK7GNGWU6TITB22V/"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:MozillaFirefox-92.0-1.2","openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2","openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2","openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2","openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2","openSUSE Tumbleweed:firefox-esr-128.5.1-1.1","openSUSE Tumbleweed:firefox-esr-branding-upstream-128.5.1-1.1","openSUSE Tumbleweed:firefox-esr-translations-common-128.5.1-1.1","openSUSE Tumbleweed:firefox-esr-translations-other-128.5.1-1.1"]},{"category":"no_fix_planned","details":"There is no fix planned for these products.\n","product_ids":["SLES for SAP Applications 11 SP3:MozillaFirefox","SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox","SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-devel","SUSE Linux Enterprise Server 11 SP3 LTSS:MozillaFirefox","SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox","SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox","SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-common","SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-common","SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-other","SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-other","SUSE Linux Enterprise Server 11 SP4:MozillaFirefox","SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-devel","SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox","SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-devel","SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox","SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox","SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox-devel"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.0"},"products":["openSUSE Tumbleweed:MozillaFirefox-92.0-1.2","openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2","openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2","openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2","openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2","openSUSE Tumbleweed:firefox-esr-128.5.1-1.1","openSUSE Tumbleweed:firefox-esr-branding-upstream-128.5.1-1.1","openSUSE Tumbleweed:firefox-esr-translations-common-128.5.1-1.1","openSUSE Tumbleweed:firefox-esr-translations-other-128.5.1-1.1"]}],"threats":[{"category":"impact","date":"2018-10-23T15:09:49Z","details":"important"}],"title":"CVE-2018-12388"}]}