CVE-2018-12363

Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 60 Thunderbird versions prior to 52.9 Firefox ESR versions prior to 60.1 Firefox ESR versions prior to 52.9 Firefox versions prior to 61

Description A use-after-free issue can occur when a script uses mutation events to move DOM nodes between documents. This results in the old document that held the node being freed, but the node still having a pointer referencing it, leading to a potentially exploitable crash. The vulnerability is related to the use of memory after it has been freed, which can allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For Thunderbird versions prior to 60, update to version 60 or later. For Thunderbird versions prior to 52.9, update to version 52.9 or later. For Firefox ESR versions prior to 60.1, update to version 60.1 or later. For Firefox ESR versions prior to 52.9, update to version 52.9 or later. For Firefox versions prior to 61, update to version 61 or later.