CVE-2018-5102: Use After Free
First published: Tue Jan 23 2018(Updated: )
A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/firefox | 131.0.2-2 | |
| debian/firefox-esr | 115.14.0esr-1~deb11u1 128.3.1esr-1~deb11u1 115.14.0esr-1~deb12u1 128.3.1esr-1~deb12u1 128.3.0esr-2 128.3.1esr-2 | |
| debian/thunderbird | 1:115.12.0-1~deb11u1 1:115.16.0esr-1~deb11u1 1:115.12.0-1~deb12u1 1:115.16.0esr-1~deb12u1 1:128.2.0esr-1 1:128.3.0esr-1 | |
| Debian | =7.0 | |
| Debian | =8.0 | |
| Debian | =9.0 | |
| Red Hat Enterprise Linux Desktop | =6.0 | |
| Red Hat Enterprise Linux Desktop | =7.0 | |
| Red Hat Enterprise Linux Server | =6.0 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Red Hat Enterprise Linux Server | =7.4 | |
| Red Hat Enterprise Linux Server | =7.4 | |
| Red Hat Enterprise Linux Server | =7.5 | |
| Red Hat Enterprise Linux Workstation | =6.0 | |
| Red Hat Enterprise Linux Workstation | =7.0 | |
| Firefox | <58.0 | |
| Firefox ESR | <52.6.0 | |
| Thunderbird | <52.6.0 | |
| Ubuntu | =14.04 | |
| Ubuntu | =16.04 | |
| Ubuntu | =17.10 | |
| Thunderbird | <52.6 | 52.6 |
| Firefox | <58 | 58 |
| Firefox ESR | <52.6 | 52.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1419363
- https://www.mozilla.org/security/advisories/mfsa2018-02/
- https://www.mozilla.org/security/advisories/mfsa2018-03/
- https://www.mozilla.org/security/advisories/mfsa2018-04/
- https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html
- https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html
- https://www.debian.org/security/2018/dsa-4096
- https://www.debian.org/security/2018/dsa-4102
- https://access.redhat.com/errata/RHSA-2018:0122
- https://access.redhat.com/errata/RHSA-2018:0262
- https://usn.ubuntu.com/3544-1/
- http://www.securityfocus.com/bid/102783
- http://www.securitytracker.com/id/1040270
- https://launchpad.net/bugs/cve/CVE-2018-5102
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5102
- https://bugzilla.redhat.com/show_bug.cgi?id=1537822
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5107
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5102
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5102
- https://security-tracker.debian.org/tracker/CVE-2018-5102
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5102
- https://nvd.nist.gov/vuln/detail/CVE-2018-5102
- https://ubuntu.com/security/CVE-2018-5102
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2018-5095
- CVE-2018-5096
- CVE-2018-5097
- CVE-2018-5098
- CVE-2018-5099
- CVE-2018-5102
- CVE-2018-5103
- CVE-2018-5104
- CVE-2018-5117
- CVE-2018-5089
- CVE-2018-5091
- CVE-2018-5092
- CVE-2018-5093
- CVE-2018-5094
- CVE-2018-5100
- CVE-2018-5101
- CVE-2018-5105
- CVE-2018-5106
- CVE-2018-5107
- CVE-2018-5108
- CVE-2018-5109
- CVE-2018-5110
- CVE-2018-5111
- CVE-2018-5112
- CVE-2018-5113
- CVE-2018-5114
- CVE-2018-5115
- CVE-2018-5116
- CVE-2018-5118
- CVE-2018-5119
- CVE-2018-5121
- CVE-2018-5122
- CVE-2018-5090
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2018-5102.
Which software versions are affected by this vulnerability?
This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
What is the severity rating of CVE-2018-5102?
The severity rating of CVE-2018-5102 is critical with a score of 9.8.
Is there a fix available for this vulnerability?
Yes, the vulnerability can be fixed by updating to Firefox version 58.0 or higher, Thunderbird version 52.6.0 or higher, or the latest version of Ubuntu's firefox package.
Where can I find more information about CVE-2018-5102?
You can find more information about CVE-2018-5102 in the following references: [Bugzilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1419363), [Mozilla Security Advisory](https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/), [Mozilla Security Advisories](https://www.mozilla.org/security/advisories/mfsa2018-02/)
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-5102
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/trending
- agent/source
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/mozilla-advisory
- source/Mozilla
- agent/softwarecombine
- agent/tags
- package-manager/debian
- vendor/debian
- canonical/debian
- version/debian/7.0
- version/debian/8.0
- version/debian/9.0
- vendor/redhat
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/6.0
- version/red hat enterprise linux desktop/7.0
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/6.0
- version/red hat enterprise linux server/7.0
- version/red hat enterprise linux server/7.4
- version/red hat enterprise linux server/7.5
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/6.0
- version/red hat enterprise linux workstation/7.0
- vendor/mozilla
- canonical/firefox
- canonical/firefox esr
- canonical/thunderbird
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/14.04
- version/ubuntu/16.04
- version/ubuntu/17.10