Download Firefox

Firefox is no longer supported on Windows 8.1 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox is no longer supported on macOS 10.14 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2018-10

Use-after-free in compositor

Announced
March 26, 2018
Impact
high
Products
Firefox, Firefox ESR
Fixed in
  • Firefox 59.0.2
  • Firefox ESR 52.7.3

#CVE-2018-5148: Use-after-free in compositor

Reporter
Jesse Schwartzentruber
Impact
high
Description

A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash.

References