Vulnerability CVE-2018-12377: Information
Description
A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Fixed packages
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://www.mozilla.org/security/advisories/mfsa2018-25/ |
|
https://www.mozilla.org/security/advisories/mfsa2018-21/ |
|
https://www.mozilla.org/security/advisories/mfsa2018-20/ |
|
https://bugzilla.mozilla.org/show_bug.cgi?id=1470260 |
|
DSA-4287 |
|
USN-3793-1 |
|
USN-3761-1 |
|
RHSA-2018:2693 |
|
RHSA-2018:2692 |
|
1041610 |
|
105280 |
|
GLSA-201810-01 |
|
DSA-4327 |
|
RHSA-2018:3403 |
|
RHSA-2018:3458 |
|
[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update |
|
GLSA-201811-13 |
|