A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
CPE | Name | Operator | Version |
---|---|---|---|
ubuntu_linux | eq | 16.04 | |
ubuntu_linux | eq | 14.04 | |
ubuntu_linux | eq | 17.10 | |
ubuntu_linux | eq | 18.04 | |
debian_linux | eq | 8.0 | |
debian_linux | eq | 9.0 | |
firefox | lt | 61.0 | |
firefox_esr | lt | 52.9 | |
firefox_esr | ge | 53.0 | |
firefox_esr | lt | 60.1.0 |
www.securityfocus.com/bid/104555
www.securitytracker.com/id/1041193
access.redhat.com/errata/RHSA-2018:2112
access.redhat.com/errata/RHSA-2018:2113
access.redhat.com/errata/RHSA-2018:2251
access.redhat.com/errata/RHSA-2018:2252
bugzilla.mozilla.org/show_bug.cgi?id=1459693
lists.debian.org/debian-lts-announce/2018/06/msg00014.html
lists.debian.org/debian-lts-announce/2018/07/msg00013.html
security.gentoo.org/glsa/201810-01
security.gentoo.org/glsa/201811-13
usn.ubuntu.com/3705-1/
usn.ubuntu.com/3714-1/
www.debian.org/security/2018/dsa-4235
www.debian.org/security/2018/dsa-4244
www.mozilla.org/security/advisories/mfsa2018-15/
www.mozilla.org/security/advisories/mfsa2018-16/
www.mozilla.org/security/advisories/mfsa2018-17/
www.mozilla.org/security/advisories/mfsa2018-18/
www.mozilla.org/security/advisories/mfsa2018-19/