CVE-2018-12363
Description
A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.562
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in Mozilla Firefox 60.7.3 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 60.7.3 | Mac |
| Multiple Vulnerabilities are affected in Firefox ESR for Mac 52.8.1 | Mac |
| Multiple Vulnerabilities are affected in Firefox ESR for Mac 60.0.2 | Mac |
| Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 52.8.1 | Mac |
| Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 60.0.2 | Mac |
| Multiple Vulnerabilities are affected in Mozilla Thunderbird for Mac 52.8.0 | Mac |
| Multiple Vulnerabilities are affected in Mozilla Thunderbird for Mac 59.0-beta2 | Mac |
| Mozilla Open Source mail and newsgroup client (USN-3714-1) thunderbird_52.9.1+build3-0ubuntu0.14.04.1_i386.deb | Linux |
| Mozilla Open Source mail and newsgroup client (USN-3714-1) thunderbird_52.9.1+build3-0ubuntu0.14.04.1_amd64.deb | Linux |
| Mozilla Open Source mail and newsgroup client (USN-3714-1) thunderbird_52.9.1+build3-0ubuntu0.16.04.1_i386.deb | Linux |
| Mozilla Open Source mail and newsgroup client (USN-3714-1) thunderbird_52.9.1+build3-0ubuntu0.16.04.1_amd64.deb | Linux |
| Mozilla Open Source mail and newsgroup client (USN-3714-1) thunderbird_52.9.1+build3-0ubuntu0.17.10.1_i386.deb | Linux |
| Mozilla Open Source mail and newsgroup client (USN-3714-1) thunderbird_52.9.1+build3-0ubuntu0.17.10.1_amd64.deb | Linux |
| Mozilla Open Source mail and newsgroup client (USN-3714-1) thunderbird_52.9.1+build3-0ubuntu0.18.04.1_i386.deb | Linux |
| Mozilla Open Source mail and newsgroup client (USN-3714-1) thunderbird_52.9.1+build3-0ubuntu0.18.04.1_amd64.deb | Linux |
| firefox-esr security update(DSA-4235-1) firefox-esr_52.9.0esr-1~deb9u1_i386.deb | Linux |
| firefox-esr security update(DSA-4235-1) firefox-esr_52.9.0esr-1~deb9u1_amd64.deb | Linux |
| SUSE-SU-2018:2322-1(SUSE Linux Enterprise Desktop 12-SP3 ) MozillaFirefox-52.9.0esr-109.38.2.x86_64.rpm | Linux |
| SUSE-SU-2018:2322-1(SUSE Linux Enterprise Desktop 12-SP3 ) MozillaFirefox-debuginfo-52.9.0esr-109.38.2.x86_64.rpm | Linux |
| SUSE-SU-2018:2322-1(SUSE Linux Enterprise Desktop 12-SP3 ) MozillaFirefox-debugsource-52.9.0esr-109.38.2.x86_64.rpm | Linux |
| SUSE-SU-2018:2322-1(SUSE Linux Enterprise Desktop 12-SP3 ) MozillaFirefox-translations-52.9.0esr-109.38.2.x86_64.rpm | Linux |
| SUSE-SU-2018:2325-1(SUSE Linux Enterprise Server 11-SP4 ) MozillaFirefox-52.9.0esr-72.38.6.x86_64.rpm | Linux |
| SUSE-SU-2018:2325-1(SUSE Linux Enterprise Server 11-SP4 ) MozillaFirefox-translations-52.9.0esr-72.38.6.x86_64.rpm | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-343015 | Mozilla Firefox (132.0.2) |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
| PATCH-611808 | Mozilla Firefox ESR for MAC 128.14.0 |
| PATCH-611808 | Mozilla Firefox ESR for MAC 128.14.0 |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
| PATCH-611807 | Mozilla Thunderbird For Mac (142.0) |
| PATCH-611807 | Mozilla Thunderbird For Mac (142.0) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234