CVE-2018-12360

Summary

A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

Affected Software

VendorProductVersion RangeStatus
MozillaThunderbirdunspecified < 60affected
MozillaThunderbirdunspecified < 52.9affected
MozillaFirefox ESRunspecified < 60.1affected
MozillaFirefox ESRunspecified < 52.9affected
MozillaFirefoxunspecified < 61affected

Weaknesses

  • Use-after-free when using focus()

ADP Enrichment

CVE Program Container

Additional References

References