First published: Tue Dec 11 2018
A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
Credit: security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Thunderbird | <60.4 | 60.4 |
Mozilla Firefox ESR | <60.4 | 60.4 |
Mozilla Firefox | <64 | 64 |
Mozilla Firefox | <64.0 | |
Mozilla Firefox ESR | <60.4.0 | |
Mozilla Thunderbird | <60.4.0 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =18.10 | |
Redhat Enterprise Linux Desktop | =6.0 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Server | =6.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Server Aus | =7.6 | |
Redhat Enterprise Linux Server Eus | =7.6 | |
Redhat Enterprise Linux Server Tus | =7.6 | |
Redhat Enterprise Linux Workstation | =6.0 | |
Redhat Enterprise Linux Workstation | =7.0 | |
ubuntu/firefox | <64.0+ | 64.0+ |
ubuntu/firefox | <64.0 | 64.0 |
ubuntu/thunderbird | <1:60.4.0+ | 1:60.4.0+ |
ubuntu/thunderbird | <60.4 | 60.4 |
debian/firefox | 125.0.3-1 | |
debian/firefox-esr | 91.12.0esr-1~deb10u1 115.10.0esr-1~deb10u1 115.7.0esr-1~deb11u1 115.10.0esr-1~deb11u1 115.7.0esr-1~deb12u1 115.10.0esr-1~deb12u1 115.10.0esr-1 | |
debian/thunderbird | 1:91.12.0-1~deb10u1 1:115.10.1-1~deb10u1 1:115.7.0-1~deb11u1 1:115.10.1-1~deb11u1 1:115.7.0-1~deb12u1 1:115.10.1-1~deb12u1 1:115.10.1-1 | |
CVE-2018-18492 is a use-after-free vulnerability that can occur after deleting a selection element in Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
CVE-2018-18492 has a severity rating of 9.8 out of 10.
Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64 are affected by CVE-2018-18492.
The remedy for CVE-2018-18492 is to update Thunderbird to version 60.4 or later, Firefox ESR to version 60.4 or later, and Firefox to version 64 or later.
You can find more information about CVE-2018-18492 in the following references: [1] [2] [3].