Mozilla Foundation Security Advisory 2018-10

Use-after-free in compositor

Announced
March 26, 2018
Impact
high
Products
Firefox, Firefox ESR
Fixed in
  • Firefox 59.0.2
  • Firefox ESR 52.7.3

#CVE-2018-5148: Use-after-free in compositor

Reporter
Jesse Schwartzentruber
Impact
high
Description

A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash.

References