Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2018-12377

A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.

Related bugs and status

CVE-2018-12377 (Candidate) is related to these bugs:

Bug #1796126: Thunderbird is out of date for two months when Thunderbird 60 was released

Summary				In	Importance	Status
	1796126	Thunderbird is out of date for two months when Thunderbird 60 was released		thunderbird (Ubuntu)	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugzilla.mozil...
CONFIRM: https://www.mozilla.or...
CONFIRM: https://www.mozilla.or...
CONFIRM: https://www.mozilla.or...
DEBIAN: DSA-4287
REDHAT: RHSA-2018:2692
REDHAT: RHSA-2018:2693
UBUNTU: USN-3761-1
UBUNTU: USN-3793-1
BID: 105280
SECTRACK: 1041610
GENTOO: GLSA-201810-01
DEBIAN: DSA-4327
REDHAT: RHSA-2018:3403
REDHAT: RHSA-2018:3458
MLIST: [debian-lts-announce] ...
GENTOO: GLSA-201811-13