CVE-2018-5155

Description

A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.

Risk Information

Base Score

9.8

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

2.921

Associated Vulnerability

Vulnerability	OS Platform
Updates for Mozilla Firefox (60.0)	Windows
Updates for Mozilla Firefox ESR (52.8.0)	Windows
Updates for Mozilla Firefox (x64) (60.0)	Windows
Updates for Mozilla Firefox ESR (x64) (52.8.0)	Windows
Updates for Mozilla Firefox (60.0.1)	Windows
Updates for Mozilla Firefox (x64) (60.0.1)	Windows
Mozilla Thunderbird (52.8.0)	Windows
Updates for Mozilla Firefox (60.0.2)	Windows
Updates for Mozilla Firefox ESR (52.8.1)	Windows
Updates for Mozilla Firefox (x64) (60.0.2)	Windows
Updates for Mozilla Firefox ESR (x64) (52.8.1)	Windows
Updates for Mozilla Firefox ESR (60.0.2)	Windows
Updates for Mozilla Firefox ESR (x64) (60.0.2)	Windows
Mozilla Firefox ESR (60.1.0)	Windows
Mozilla Firefox ESR (x64) (60.1.0)	Windows
Mozilla Firefox ESR (60.2.0)	Windows
Mozilla Firefox ESR (x64) (60.2.0)	Windows
Mozilla Firefox ESR (60.2.1)	Windows
Mozilla Firefox ESR (x64) (60.2.1)	Windows
Mozilla Firefox ESR (60.2.2)	Windows
Mozilla Firefox ESR (x64) (60.2.2)	Windows
Mozilla Firefox ESR (60.3.0)	Windows
Mozilla Firefox ESR (x64) (60.3.0)	Windows
Mozilla Firefox ESR (60.5.0)	Windows
Mozilla Firefox ESR (60.5.1)	Windows
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (60.0)	Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (60.0.1)	Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (60.0.2)	Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 52.7.4	Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 52.7.4	Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 60	Mac
Multiple Vulnerabilities are affected in Mozilla Thunderbird for Mac 45.8.0	Mac
Multiple Vulnerabilities are affected in Mozilla Thunderbird for Mac 52.7.0	Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 52.8	Mac
Mozilla Open Source mail and newsgroup client (USN-3660-1) thunderbird_52.8.0+build1-0ubuntu0.14.04.1_amd64.deb	Linux
Mozilla Open Source mail and newsgroup client (USN-3660-1) thunderbird_52.8.0+build1-0ubuntu0.16.04.1_i386.deb	Linux
Mozilla Open Source mail and newsgroup client (USN-3660-1) thunderbird_52.8.0+build1-0ubuntu0.16.04.1_amd64.deb	Linux
Mozilla Open Source mail and newsgroup client (USN-3660-1) thunderbird_52.8.0+build1-0ubuntu0.17.10.1_i386.deb	Linux
Mozilla Open Source mail and newsgroup client (USN-3660-1) thunderbird_52.8.0+build1-0ubuntu0.17.10.1_amd64.deb	Linux
Mozilla Open Source mail and newsgroup client (USN-3660-1) thunderbird_52.8.0+build1-0ubuntu0.18.04.1_i386.deb	Linux
Mozilla Open Source mail and newsgroup client (USN-3660-1) thunderbird_52.8.0+build1-0ubuntu0.18.04.1_amd64.deb	Linux
firefox-esr security update(DSA-4199-1) firefox-esr_52.8.0esr-1~deb8u1_i386.deb	Linux
firefox-esr security update(DSA-4199-1) firefox-esr_52.8.0esr-1~deb8u1_amd64.deb	Linux
firefox-esr security update(DSA-4199-1) firefox-esr_52.8.0esr-1~deb9u1_i386.deb	Linux
firefox-esr security update(DSA-4199-1) firefox-esr_52.8.0esr-1~deb9u1_amd64.deb	Linux
thunderbird security update(DSA-4209-1) thunderbird_52.8.0-1~deb9u1_i386.deb	Linux
thunderbird security update(DSA-4209-1) thunderbird_52.8.0-1~deb9u1_amd64.deb	Linux
SUSE-SU-2019:2872-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-68.2.0-109.95.2.x86_64.rpm	Linux
SUSE-SU-2019:2872-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-debuginfo-68.2.0-109.95.2.x86_64.rpm	Linux
SUSE-SU-2019:2872-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-debugsource-68.2.0-109.95.2.x86_64.rpm	Linux
SUSE-SU-2019:2872-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-translations-common-68.2.0-109.95.2.x86_64.rpm	Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-307502	Updates for Mozilla Firefox (60.0)
PATCH-307503	Updates for Mozilla Firefox ESR (52.8.0)
PATCH-307506	Updates for Mozilla Firefox (x64) (60.0)
PATCH-307508	Updates for Mozilla Firefox ESR (x64) (52.8.0)
PATCH-307537	Updates for Mozilla Firefox (60.0.1)
PATCH-307542	Updates for Mozilla Firefox (x64) (60.0.1)
PATCH-307561	Mozilla Thunderbird (52.8.0)
PATCH-307642	Updates for Mozilla Firefox (60.0.2)
PATCH-307643	Updates for Mozilla Firefox ESR (52.8.1)
PATCH-307646	Updates for Mozilla Firefox (x64) (60.0.2)
PATCH-307647	Updates for Mozilla Firefox ESR (x64) (52.8.1)
PATCH-307736	Updates for Mozilla Firefox ESR (60.0.2)
PATCH-307744	Updates for Mozilla Firefox ESR (x64) (60.0.2)
PATCH-307747	Mozilla Firefox ESR (60.1.0)
PATCH-307748	Mozilla Firefox ESR (x64) (60.1.0)
PATCH-308027	Mozilla Firefox ESR (60.2.0)
PATCH-308035	Mozilla Firefox ESR (x64) (60.2.0)
PATCH-308123	Mozilla Firefox ESR (60.2.1)
PATCH-308125	Mozilla Firefox ESR (x64) (60.2.1)
PATCH-308181	Mozilla Firefox ESR (60.2.2)
PATCH-308183	Mozilla Firefox ESR (x64) (60.2.2)
PATCH-308289	Mozilla Firefox ESR (60.3.0)
PATCH-308293	Mozilla Firefox ESR (x64) (60.3.0)
PATCH-308876	Mozilla Firefox ESR (60.5.0)
PATCH-308982	Mozilla Firefox ESR (60.5.1)
PATCH-607000	Mozilla Firefox For Mac (124.0)
PATCH-607000	Mozilla Firefox For Mac (124.0)
PATCH-607000	Mozilla Firefox For Mac (124.0)
PATCH-611808	Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870	Mozilla Firefox For Mac (142.0.1)
PATCH-611870	Mozilla Firefox For Mac (142.0.1)
PATCH-611807	Mozilla Thunderbird For Mac (142.0)
PATCH-611807	Mozilla Thunderbird For Mac (142.0)
PATCH-612783	Mozilla Firefox For Mac (145.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234