FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- use-after-free in compositor

Affected packages
firefox < 59.0.2,1
waterfox < 56.0.4.36_3
linux-seamonkey < 2.49.3
seamonkey < 2.49.3
firefox-esr < 52.7.3,1
linux-firefox < 52.7.3,2
libxul < 52.7.3
linux-thunderbird < 52.7.1
thunderbird < 52.7.0_1

Details

VuXML ID 23f59689-0152-42d3-9ade-1658d6380567
Discovery 2018-03-26
Entry 2018-03-27
Modified 2018-03-31

The Mozilla Foundation reports:

CVE-2018-5148: Use-after-free in compositor

A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash.

References

CVE Name CVE-2018-5148
URL https://www.mozilla.org/security/advisories/mfsa2018-10/