CVE-2018-12363 — Use After Free in Mozilla Firefox
Severity
8.8HIGHNVD
EPSS
2.6%
top 14.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 18
Latest updateMay 14
Description
A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages11 packages
Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, 18.04, Enterprise Linux 7.6, 7.5
🔴Vulnerability Details
6GHSA▶
GHSA-2w5p-x474-vxp7: A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held↗2022-05-14
CVEList▶
CVE-2018-12363: A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held↗2018-10-18
OSV▶
CVE-2018-12363: A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held↗2018-10-18