---

CVE-2018-12377 - log back

CVE-2018-12377 created at 25 Sep 2019 19:31:40
Severity	+ High
Remote	+ Remote
Type	+ Arbitrary code execution
Description	+ A use-after-free vulnerability has been found in Thunderbird versions prior to 60.2.1, which can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash.
References	+ https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12377 + https://bugzilla.mozilla.org/show_bug.cgi?id=1470260
Notes