ALT-PU-2018-1090-1
Package firefox-esr updated to version 52.6.0-alt0.M80C.1 for branch c8.1 in task 198518.
Closed vulnerabilities
Published: 2018-06-12
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-5096
A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6.
Severity: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- 102771
- 102771
- RHSA-2018:0122
- RHSA-2018:0122
- RHSA-2018:0262
- RHSA-2018:0262
- https://bugzilla.mozilla.org/show_bug.cgi?id=1418922
- https://bugzilla.mozilla.org/show_bug.cgi?id=1418922
- [debian-lts-announce] 20180124 [SECURITY] [DLA 1256-1] firefox-esr security update
- [debian-lts-announce] 20180124 [SECURITY] [DLA 1256-1] firefox-esr security update
- [debian-lts-announce] 20180129 [SECURITY] [DLA 1262-1] thunderbird security update
- [debian-lts-announce] 20180129 [SECURITY] [DLA 1262-1] thunderbird security update
- DSA-4096
- DSA-4096
- DSA-4102
- DSA-4102
- https://www.mozilla.org/security/advisories/mfsa2018-03/
- https://www.mozilla.org/security/advisories/mfsa2018-03/
- https://www.mozilla.org/security/advisories/mfsa2018-04/
- https://www.mozilla.org/security/advisories/mfsa2018-04/