QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2018-12363

Back to search

CVE-2018-12363

Published: Oct 18, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

VendorProductVersions

Mozilla

Thunderbird

affected
unspecified - < 60
affected
unspecified - < 52.9

Mozilla

Firefox ESR

affected
unspecified - < 60.1
affected
unspecified - < 52.9

Mozilla

Firefox

affected
unspecified - < 61

References

GLSA-201810-01
vendor-advisory
x_refsource_GENTOO
RHSA-2018:2112
vendor-advisory
x_refsource_REDHAT
GLSA-201811-13
vendor-advisory
x_refsource_GENTOO
DSA-4235
vendor-advisory
x_refsource_DEBIAN
RHSA-2018:2113
vendor-advisory
x_refsource_REDHAT
DSA-4244
vendor-advisory
x_refsource_DEBIAN
104560
vdb-entry
x_refsource_BID
1041193
vdb-entry
x_refsource_SECTRACK
RHSA-2018:2252
vendor-advisory
x_refsource_REDHAT
RHSA-2018:2251
vendor-advisory
x_refsource_REDHAT
USN-3705-1
vendor-advisory
x_refsource_UBUNTU
USN-3714-1
vendor-advisory
x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now