CVE-2018-18492 - Vulncode-DB

CVE-2018-18492 (NVD)

2019-02-28

A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.

Products	Ubuntu_linux, Debian_linux, Firefox, Firefox_esr, Thunderbird, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation
Type	Use After Free (CWE-416)
First patch	- None (likely due to unavailable code)
Links	• https://www.debian.org/security/2019/dsa-4362 • https://access.redhat.com/errata/RHSA-2019:0159 • https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html • https://access.redhat.com/errata/RHSA-2018:3833 • https://www.debian.org/security/2018/dsa-4354 More/Less (10) • http://www.securityfocus.com/bid/106168 • https://www.mozilla.org/security/advisories/mfsa2018-31/ • https://access.redhat.com/errata/RHSA-2019:0160 • https://usn.ubuntu.com/3868-1/ • https://bugzilla.mozilla.org/show_bug.cgi?id=1499861 • https://www.mozilla.org/security/advisories/mfsa2018-29/ • https://access.redhat.com/errata/RHSA-2018:3831 • https://security.gentoo.org/glsa/201903-04 • https://usn.ubuntu.com/3844-1/ • https://www.mozilla.org/security/advisories/mfsa2018-30/