CVE-2018-12392

Source
Severity Critical
Remote Yes
Type Arbitrary code execution
Description
A security issue has been found in Firefox and Thunderbird versions prior to 63.0. When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling.
Group Package Affected Fixed Severity Status Ticket
AVG-803 thunderbird 60.2.1-2 60.3.0-1 Critical Fixed
AVG-787 firefox 62.0.3-2 63.0-1 Critical Fixed
Date Advisory Group Package Severity Description
06 Nov 2018 ASA-201811-10 AVG-803 thunderbird Critical arbitrary code execution
24 Oct 2018 ASA-201810-14 AVG-787 firefox Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12392
https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12392
https://bugzilla.mozilla.org/show_bug.cgi?id=1492823