Описание
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 | firefox | Not affected | ||
| Red Hat Enterprise Linux 8 | thunderbird | Not affected | ||
| Red Hat Enterprise Linux 6 | firefox | Fixed | RHSA-2018:1414 | 14.05.2018 |
| Red Hat Enterprise Linux 6 | thunderbird | Fixed | RHSA-2018:1726 | 24.05.2018 |
| Red Hat Enterprise Linux 7 | firefox | Fixed | RHSA-2018:1415 | 14.05.2018 |
| Red Hat Enterprise Linux 7 | thunderbird | Fixed | RHSA-2018:1725 | 24.05.2018 |
Показывать по
Дополнительная информация
Статус:
9.8 Critical
CVSS3
Связанные уязвимости
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
A use-after-free vulnerability can occur while enumerating attributes ...
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
Уязвимость механизма обработки SVG-объектов браузеров Firefox ESR, Firefox и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
9.8 Critical
CVSS3