CVE-2018-18512
Gentoo Linux Security Advisory 201904-07
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A use-after-free vulnerability can occur while playing a sound notification in Thunderbird. The memory storing the sound data is immediately freed, although the sound is still being played asynchronously, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5.
Puede ocurrir una vulnerabilidad de uso después de la liberación mientras se reproduce una notificación sonora en Thunderbird. La memoria que almacena los datos de sonido se libera inmediatamente, aunque el sonido se sigue reproduciendo asincrónicamente, provocando un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Thunderbird a las versiones anteriores a 66.
Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code. Versions less than 60.6.1 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-10-19 CVE Reserved
- 2019-04-02 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.mozilla.org/security/advisories/mfsa2019-03 | 2019-04-26 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | < 65.0 Search vendor "Mozilla" for product "Thunderbird" and version " < 65.0" | - |
Affected
| ||||||