Design/Logic Flaw

2018-10-1813:29:00

PRIOn knowledge base

www.prio-n.com

9 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.7%

JSON

A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.

CPENameOperatorVersion
ubuntu_linuxeq16.04
ubuntu_linuxeq14.04
ubuntu_linuxeq18.04
debian_linuxeq8.0
debian_linuxeq9.0
firefoxlt62.0
firefox_esrlt60.2.0
thunderbirdlt60.2.1
enterprise_linux_desktopeq7.0
enterprise_linux_desktopeq6.0

Name	Operator	Version
ubuntu_linux	eq	16.04
ubuntu_linux	eq	14.04
ubuntu_linux	eq	18.04
debian_linux	eq	8.0
debian_linux	eq	9.0
firefox	lt	62.0
firefox_esr	lt	60.2.0
thunderbird	lt	60.2.1
enterprise_linux_desktop	eq	7.0
enterprise_linux_desktop	eq	6.0