PT-2018-1735 · Mozilla+5 · Firefox Esr+7

Zhanjia Song

·

Publicado

2018-09-05

·

Atualizado

2024-12-12

·

CVE-2018-12378

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 62 Firefox ESR versions prior to 60.2 Thunderbird versions prior to 60.2.1
Description A use-after-free issue can occur when an IndexedDB index is deleted while still in use by JavaScript code, resulting in a potentially exploitable crash. This issue may allow a remote attacker to execute arbitrary code or cause the application to crash.
Recommendations For Firefox versions prior to 62, update to version 62 or later to resolve the issue. For Firefox ESR versions prior to 60.2, update to version 60.2 or later to resolve the issue. For Thunderbird versions prior to 60.2.1, update to version 60.2.1 or later to resolve the issue.

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALT-PU-2018-2304
ALT-PU-2018-2423
ALT-PU-2018-2669
ALT-PU-2019-2324
ALT-PU-2019-2486
BDU:2018-01334
CESA-2018_2692
CESA-2018_2693
CESA-2018_3403
CVE-2018-12378
DLA-1575-1
DSA-4287-1
DSA-4327-1
MGASA-2018-0480
OPENSUSE-SU-2018:3687-1
OPENSUSE-SU-2018_2674-1
OPENSUSE-SU-2018_3051-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2018:2692
RHSA-2018:2693
RHSA-2018:3403
RHSA-2018:3458
RHSA-2018_2692
RHSA-2018_2693
RHSA-2018_3403
RHSA-2018_3458
SUSE-SU-2018:2890-1
SUSE-SU-2018:3247-1
SUSE-SU-2018:3591-1
SUSE-SU-2018:3591-2
USN-3761-1
USN-3761-2
USN-3761-3
USN-3793-1

Produtos afetados

Alt Linux
Centos
Firefox
Firefox Esr
Red Hat
Suse
Thunderbird
Ubuntu