Package firefox-esr updated to version 52.7.3-alt0.M80C.1 for branch c8 in task 203029.

Published: 2018-06-11

BDU:2021-04143

Уязвимость браузеров Mozilla Firefox, Firefox ESR, связанная с использованием памяти после ее освобождения, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2018-5148

Published: 2018-06-11
Modified: 2024-11-21

CVE-2018-5148

A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.7.3 and Firefox < 59.0.2.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Version: 2.1.2

Package firefox-esr update in c8 on 2018-03-29

ALT-PU-2018-1508-1

Closed vulnerabilities

BDU:2021-04143

CVE-2018-5148