CVE-2018-12363

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-12363

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-12363.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-12363

Downstream

DEBIAN-CVE-2018-12363

DLA-1406-1

DLA-1425-1

DSA-4235-1

DSA-4244-1

RHSA-2018:2112

RHSA-2018:2113

RHSA-2018:2251

RHSA-2018:2252

SUSE-SU-2018:2174-1

SUSE-SU-2018:2298-1

SUSE-SU-2018:2322-1

SUSE-SU-2018:2322-2

SUSE-SU-2018:2325-1

SUSE-SU-2018:3247-1

UBUNTU-CVE-2018-12363

USN-3705-1

USN-3714-1

openSUSE-SU-2018:2807-1

openSUSE-SU-2018:3687-1

openSUSE-SU-2024:10590-1

openSUSE-SU-2024:10600-1

openSUSE-SU-2024:10601-1

openSUSE-SU-2024:14572-1

Related

Withdrawn

2026-01-27T04:16:04.616632Z

Published

2018-10-18T13:29:01Z

Modified

2026-01-27T04:16:04.616632Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

References

Affected packages