Bug 651676 (CVE-2018-5148) - <www-client/firefox{,-bin}-52.7.3: vulnerability (MFSA-2018-10)
Status: RESOLVED FIXED
Alias: CVE-2018-5148
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://www.mozilla.org/en-US/securit...
Keywords: STABLEREQ
Reported: 2018-03-27 08:14 UTC by Alexander Sergeyev
Modified: 2018-07-28 19:25 UTC
Package list:
=www-client/firefox-52.8.0
Runtime testing required: ---
stable-bot: sanity-check+


Description Alexander Sergeyev 2018-03-27 08:14:51 UTC
Fixed in Firefox 59.0.2, Firefox ESR 52.7.3.

CVE-2018-5148: Use-after-free in compositor

Impact high

A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash.
Comment 1 Ian Stakenvicius (RETIRED) gentoo-dev 2018-05-11 16:07:29 UTC
Since this was never stabilized, please stabilize www-client/firefox-52.8.0 to address this as well as newer security bugs.
Comment 2 Thomas Deutschmann gentoo-dev Security 2018-05-13 22:08:00 UTC
x86 stable
Comment 3 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-05-13 23:45:59 UTC
amd64 stable