Mozilla · Firefox Esr · CVE-2018-12366
**Name of the Vulnerable Software and Affected Versions**
Firefox versions prior to 61
Firefox ESR versions prior to 60.1
Thunderbird versions prior to 60
**Description**
The issue is related to an invalid grid size during QCMS transformations, which can result in an out-of-bounds read. This could allow a remote attacker to leak protected information by reading beyond buffer boundaries.
**Recommendations**
For Firefox versions prior to 61, update to version 61 or later to resolve the issue.
For Firefox ESR versions prior to 60.1, update to version 60.1 or later to resolve the issue.
For Thunderbird versions prior to 60, update to version 60 or later to resolve the issue.