CVE-2018-12359

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-12359

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-12359.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-12359

Downstream

DEBIAN-CVE-2018-12359

DLA-1406-1

DLA-1425-1

DSA-4235-1

DSA-4244-1

RHSA-2018:2112

RHSA-2018:2113

RHSA-2018:2251

RHSA-2018:2252

SUSE-SU-2018:2174-1

SUSE-SU-2018:2298-1

SUSE-SU-2018:2322-1

SUSE-SU-2018:2322-2

SUSE-SU-2018:2325-1

SUSE-SU-2018:3247-1

UBUNTU-CVE-2018-12359

USN-3705-1

USN-3714-1

openSUSE-SU-2018:2807-1

openSUSE-SU-2018:3687-1

openSUSE-SU-2024:10590-1

openSUSE-SU-2024:10600-1

openSUSE-SU-2024:10601-1

openSUSE-SU-2024:14572-1

Related

Published

2018-10-18T13:29:00Z

Modified

2025-08-09T20:01:26Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

References

Affected packages