CVE-2018-12363
Severity CVSS v4.0:
Pending analysis
Type:
CWE-416
Use After Free
Publication date:
18/10/2018
Last modified:
21/10/2024
Description
A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.securityfocus.com/bid/104560
- http://www.securitytracker.com/id/1041193
- https://access.redhat.com/errata/RHSA-2018:2112
- https://access.redhat.com/errata/RHSA-2018:2113
- https://access.redhat.com/errata/RHSA-2018:2251
- https://access.redhat.com/errata/RHSA-2018:2252
- https://bugzilla.mozilla.org/show_bug.cgi?id=1464784
- https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html
- https://security.gentoo.org/glsa/201810-01
- https://security.gentoo.org/glsa/201811-13
- https://usn.ubuntu.com/3705-1/
- https://usn.ubuntu.com/3714-1/
- https://www.debian.org/security/2018/dsa-4235
- https://www.debian.org/security/2018/dsa-4244
- https://www.mozilla.org/security/advisories/mfsa2018-15/
- https://www.mozilla.org/security/advisories/mfsa2018-16/
- https://www.mozilla.org/security/advisories/mfsa2018-17/
- https://www.mozilla.org/security/advisories/mfsa2018-18/
- https://www.mozilla.org/security/advisories/mfsa2018-19/