Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2018-12363

A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

Related bugs and status

CVE-2018-12363 (Candidate) is related to these bugs:

Bug #1791477: Thunderbird Multiple Security Vulnerabilities

Summary				In	Importance	Status
	1791477	Thunderbird Multiple Security Vulnerabilities		thunderbird (Ubuntu)	Undecided	New

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugzilla.mozil...
CONFIRM: https://www.mozilla.or...
CONFIRM: https://www.mozilla.or...
CONFIRM: https://www.mozilla.or...
CONFIRM: https://www.mozilla.or...
CONFIRM: https://www.mozilla.or...
MLIST: [debian-lts-announce] ...
MLIST: [debian-lts-announce] ...
DEBIAN: DSA-4235
DEBIAN: DSA-4244
REDHAT: RHSA-2018:2112
REDHAT: RHSA-2018:2113
REDHAT: RHSA-2018:2251
REDHAT: RHSA-2018:2252
UBUNTU: USN-3705-1
UBUNTU: USN-3714-1
BID: 104560
SECTRACK: 1041193
GENTOO: GLSA-201810-01
GENTOO: GLSA-201811-13