VDB

CVE-2018-18500

CVE-2018-18500 PUBLISHED

A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.

EPSS 35.41% · 97.1th percentile

Risk Scores

EPSS Score
35.41%
97.1th percentile

Affected Products

VendorProductVersions
Ubuntu:20.04:LTSmozjs5252.9.1-1build1, 0, 52.9.1-1ubuntu3
Ubuntu:18.04:LTSthunderbird1:60.4.0+build2-0ubuntu0.18.04.1, 1:52.7.0+build1-0ubuntu1, 1:52.4.0+build1-0ubuntu2
Ubuntu:16.04:LTSfirefox57.0.3+build1-0ubuntu0.16.04.1, 57.0.1+build2-0ubuntu0.16.04.1, 57.0+build4-0ubuntu0.16.04.6
Ubuntu:14.04:LTSthunderbird0, 1:24.0+build1-0ubuntu1, 1:24.0+build1-0ubuntu2
Ubuntu:14.04:LTSfirefox59.0+build5-0ubuntu0.14.04.1, 59.0.1+build1-0ubuntu0.14.04.1, 59.0.2+build1-0ubuntu0.14.04.1
Ubuntu:18.04:LTSmozjs5252.3.1-0ubuntu3, 0, 52.3.1-7fakesync1
Ubuntu:16.04:LTSthunderbird1:38.6.0+build1-0ubuntu1, 1:38.8.0+build1-0ubuntu0.16.04.1, 1:45.2.0+build1-0ubuntu0.16.04.1
Ubuntu:18.04:LTSmozjs380, 38.8.0~repack1-0ubuntu1, 38.8.0~repack1-0ubuntu3
Ubuntu:18.04:LTSfirefox60.0.1+build2-0ubuntu0.18.04.1, 61.0+build3-0ubuntu0.18.04.1, 61.0.1+build1-0ubuntu0.18.04.1

Exploit Intelligence

…and 1 more exploits

Timeline

  • Jan 30, 2019 CVE Published
  • Apr 14, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Jan 30, 2024 EPSS Score
  • Jun 28, 2024 EPSS Score
  • Aug 7, 2024 EPSS Score
  • Aug 31, 2024 EPSS Score
  • Sep 24, 2024 EPSS Score
  • Nov 20, 2024 EPSS Score
  • Dec 17, 2024 EPSS Score
  • Mar 17, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›