Back to search
CVE-2018-18500
Published: Feb 5, 2019
Modified: Aug 5, 2024
PUBLISHED
Description
A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
RHSA-2019:0219
vendor-advisory
x_refsource_REDHAT
https://www.mozilla.org/security/advisories/mfsa2019-01/
x_refsource_CONFIRM
USN-3897-1
vendor-advisory
x_refsource_UBUNTU
106781
vdb-entry
x_refsource_BID
GLSA-201903-04
vendor-advisory
x_refsource_GENTOO
USN-3874-1
vendor-advisory
x_refsource_UBUNTU
RHSA-2019:0269
vendor-advisory
x_refsource_REDHAT
RHSA-2019:0218
vendor-advisory
x_refsource_REDHAT
https://www.mozilla.org/security/advisories/mfsa2019-02/
x_refsource_CONFIRM
DSA-4376
vendor-advisory
x_refsource_DEBIAN
[debian-lts-announce] 20190216 [SECURITY] [DLA 1678-1] thunderbird security update
mailing-list
x_refsource_MLIST
[debian-lts-announce] 20190130 [SECURITY] [DLA 1648-1] firefox-esr security update
mailing-list
x_refsource_MLIST
https://www.mozilla.org/security/advisories/mfsa2019-03/
x_refsource_CONFIRM
DSA-4392
vendor-advisory
x_refsource_DEBIAN
RHSA-2019:0270
vendor-advisory
x_refsource_REDHAT
GLSA-201904-07
vendor-advisory
x_refsource_GENTOO
openSUSE-SU-2019:1758
vendor-advisory
x_refsource_SUSE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now