CVE-2018-5154

Summary

A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.

Affected Software

VendorProductVersion RangeStatus
MozillaThunderbirdunspecified < 52.8affected
MozillaThunderbird ESRunspecified < 52.8affected
MozillaFirefoxunspecified < 60affected
MozillaFirefox ESRunspecified < 52.8affected

Weaknesses

  • Use-after-free with SVG animations and clip paths

ADP Enrichment

CVE Program Container

Additional References

References