cbcvebase.
CVE-2018-12377
published 2018-10-18

CVE-2018-12377: A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still…

critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.

Affected

40 ranges· showing 25
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
debiandebian_linux
debiandebian_linux
debianfirefox< firefox 62.0-1 (sid)firefox 62.0-1 (sid)
debianfirefox-esr< firefox 62.0-1 (sid)firefox 62.0-1 (sid)
debianthunderbird< firefox 62.0-1 (sid)firefox 62.0-1 (sid)
mozillafirefox< 60.2.060.2.0
mozillafirefox< 62.062.0
mozillafirefox>= 0 < 62.0+build2-0ubuntu0.14.04.562.0+build2-0ubuntu0.14.04.5
mozillafirefox>= 0 < 62.0+build2-0ubuntu0.14.04.462.0+build2-0ubuntu0.14.04.4
mozillafirefox>= 0 < 62.0+build2-0ubuntu0.14.04.362.0+build2-0ubuntu0.14.04.3
mozillafirefox>= 0 < 62.0+build2-0ubuntu0.16.04.562.0+build2-0ubuntu0.16.04.5
mozillafirefox>= 0 < 62.0+build2-0ubuntu0.16.04.462.0+build2-0ubuntu0.16.04.4
mozillafirefox>= 0 < 62.0+build2-0ubuntu0.16.04.362.0+build2-0ubuntu0.16.04.3
mozillafirefox>= 0 < 62.0+build2-0ubuntu0.18.04.562.0+build2-0ubuntu0.18.04.5
mozillafirefox>= 0 < 62.0+build2-0ubuntu0.18.04.462.0+build2-0ubuntu0.18.04.4
mozillafirefox>= 0 < 62.0+build2-0ubuntu0.18.04.362.0+build2-0ubuntu0.18.04.3
mozillafirefox>= unspecified < 6262
mozillafirefox_esr>= unspecified < 60.260.2
mozillathunderbird< 60.2.160.2.1
mozillathunderbird>= 0 < 1:60.2.1-11:60.2.1-1
mozillathunderbird>= 0 < 1:60.2.1-11:60.2.1-1
mozillathunderbird>= 0 < 1:60.2.1-11:60.2.1-1

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL