CVE-2018-12363
Publication date 27 June 2018
Last updated 25 August 2025
Ubuntu priority
Description
A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| firefox | 18.04 LTS bionic |
Fixed 61.0+build3-0ubuntu0.18.04.1
|
| 16.04 LTS xenial |
Fixed 61.0+build3-0ubuntu0.16.04.2
|
|
| 14.04 LTS trusty |
Fixed 61.0+build3-0ubuntu0.14.04.2
|
|
| thunderbird | 18.04 LTS bionic |
Fixed 1:52.9.1+build3-0ubuntu0.18.04.1
|
| 16.04 LTS xenial |
Fixed 1:52.9.1+build3-0ubuntu0.16.04.1
|
|
| 14.04 LTS trusty |
Fixed 1:52.9.1+build3-0ubuntu0.14.04.1
|
Severity score breakdown
CVSS version: CVSS v3.0
Base score
8.8 · High
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
Related Ubuntu Security Notices (USN)
- USN-3714-1
- Thunderbird vulnerabilities
- 12 July 2018
- USN-3705-1
- Firefox vulnerabilities
- 5 July 2018