Mozilla Foundation Security Advisory 2018-10
Use-after-free in compositor
- Announced
- March 26, 2018
- Impact
- high
- Products
- Firefox, Firefox ESR
- Fixed in
-
- Firefox 59.0.2
- Firefox ESR 52.7.3
#CVE-2018-5148: Use-after-free in compositor
- Reporter
- Jesse Schwartzentruber
- Impact
- high
Description
A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash.