CVE-2018-12360

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-12360

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-12360.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-12360

Downstream

DEBIAN-CVE-2018-12360

DLA-1406-1

DLA-1425-1

DSA-4235-1

DSA-4244-1

RHSA-2018:2112

RHSA-2018:2113

RHSA-2018:2251

RHSA-2018:2252

SUSE-SU-2018:2174-1

SUSE-SU-2018:2298-1

SUSE-SU-2018:2322-1

SUSE-SU-2018:2322-2

SUSE-SU-2018:2325-1

SUSE-SU-2018:3247-1

UBUNTU-CVE-2018-12360

USN-3705-1

USN-3714-1

openSUSE-SU-2018:2807-1

openSUSE-SU-2018:3687-1

openSUSE-SU-2024:10590-1

openSUSE-SU-2024:10600-1

openSUSE-SU-2024:10601-1

openSUSE-SU-2024:14572-1

Related

Published

2018-10-18T13:29:00Z

Modified

2025-08-09T20:01:27Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

References

Affected packages