CVE-2018-12392

Summary

When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 63affected
MozillaFirefox ESRunspecified < 60.3affected
MozillaThunderbirdunspecified < 60.3affected

Weaknesses

  • Crash with nested event loops

ADP Enrichment

CVE Program Container

Additional References

References