CVE-2018-5155Use After Free in Mozilla Firefox

CWE-416Use After Free12 documents8 sources
Severity
9.8CRITICALNVD
EPSS
2.9%
top 13.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird+9 more
Timeline
PublishedJun 11
Latest updateMay 14

Description

A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages12 packages

CVEListV5mozilla/firefoxunspecified60
NVDmozilla/firefox< 52.8.0+1
CVEListV5mozilla/firefox_esrunspecified52.8
CVEListV5mozilla/thunderbirdunspecified52.8
NVDmozilla/thunderbird< 52.8.0

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, 18.04, Enterprise Linux 7.6, 7.5

🔴Vulnerability Details

6
GHSA
GHSA-hjwf-v2m2-363g: A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths2022-05-14
OSV
CVE-2018-5155: A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths2018-06-11
CVEList
CVE-2018-5155: A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths2018-06-11
OSV
thunderbird vulnerabilities2018-05-25
OSV
firefox regression2018-05-18

📋Vendor Advisories

4
Ubuntu
Thunderbird vulnerabilities2018-05-25
Ubuntu
Firefox vulnerabilities2018-05-11
Red Hat
Mozilla: Use-after-free with SVG animations and text paths2018-05-09
Debian
CVE-2018-5155: firefox - A use-after-free vulnerability can occur while adjusting layout during SVG anima...2018

💬Community

1
Bugzilla
CVE-2018-5155 Mozilla: Use-after-free with SVG animations and text paths2018-05-09
CVE-2018-5155 — Use After Free in Mozilla Firefox | cvebase