CVE-2018-12371
HIGH
Firefox < 61 and Firefox ESR < 60.1 - Use-After-Free via Skia Edge Builder Memory Allocation
Title source: llm
Description
An integer overflow can occur in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This leads to the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.1, Thunderbird < 60, and Firefox < 61.
References (4)
Core References
Vendor Advisory x_refsource_misc
https://www.mozilla.org/security/advisories/mfsa2018-16/
Vendor Advisory x_refsource_misc
https://www.mozilla.org/security/advisories/mfsa2018-15/
Vendor Advisory x_refsource_misc
https://www.mozilla.org/security/advisories/mfsa2018-19/
Exploit, Issue Tracking, Patch, Vendor Advisory x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=1465686
Scores
CVSS v3: 8.8
EPSS: 0.0050
EPSS Percentile: 65.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE: CWE-190
Status: published
Products (2)
mozilla/firefox: < 60.1.0
mozilla/thunderbird: < 60.0
Published: Jul 09, 2020
Tracked Since: Feb 18, 2026