PT-2019-9599 · Mozilla+1 · Thunderbird+1

Wayne Mery

Published

2019-01-29

Updated

2020-03-18

CVE-2018-18512

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 60.5

Description A use-after-free issue can occur in Thunderbird when playing a sound notification. The memory containing the sound data is freed immediately, even though the sound is still being played asynchronously, which can lead to a potentially exploitable crash.

Recommendations For versions prior to 60.5, update to version 60.5 or later to resolve the issue.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2020-1166

ALT-PU-2020-1515

CVE-2018-18512

DLA-1678-1

DSA-4392-1

Affected Products

Alt Linux

Thunderbird

PT-2019-9599 · Mozilla+1 · Thunderbird+1

CVE-2018-18512

Weakness Enumeration

Related Identifiers

Affected Products

References · 12