CVE-2018-12371

Source
Severity Medium
Remote Yes
Type Arbitrary code execution
Description
An integer overflow vulnerability has been found in the Skia library shipped with Firefox before 61.0  and Thunderbird before 60.0, when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash.
Group Package Affected Fixed Severity Status Ticket
AVG-751 thunderbird 52.9.1-1 60.0-1 Critical Fixed
AVG-727 firefox 60.0.2-1 61.0-1 Critical Fixed
Date Advisory Group Package Severity Description
10 Aug 2018 ASA-201808-8 AVG-751 thunderbird Critical multiple issues
27 Jun 2018 ASA-201806-14 AVG-727 firefox Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12371
https://bugzilla.mozilla.org/show_bug.cgi?id=1465686