CVE-2018-12363

Priority
Description
A use-after-free vulnerability can occur when script uses mutation events
to move DOM nodes between documents, resulting in the old document that
held the node being freed but the node still having a pointer referencing
it. This results in a potentially exploitable crash. This vulnerability
affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox
ESR < 52.9, and Firefox < 61.
Assigned-to
chrisccoulson
Notes
Package
Upstream:released (61.0)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [61.0+build3-0ubuntu0.14.04.2])
Ubuntu 16.04 LTS (Xenial Xerus):released (61.0+build3-0ubuntu0.16.04.2)
Ubuntu 18.04 LTS (Bionic Beaver):released (61.0+build3-0ubuntu0.18.04.1)
Package
Priority: Low
Upstream:released (52.9.0)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [1:52.9.1+build3-0ubuntu0.14.04.1])
Ubuntu 16.04 LTS (Xenial Xerus):released (1:52.9.1+build3-0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (1:52.9.1+build3-0ubuntu0.18.04.1)
More Information

Updated: 2019-12-05 18:50:16 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)