DEBIAN-CVE-2018-12371
Advisory lineage Upstream: 1 Downstream: 2
Upstream
Downstream
Published: 09 Jul 2020, 14:15
Last modified:28 Apr 2026, 20:18
Vulnerability Summary
Overall Risk (default)
medium
35/100 CVSS Score
8.8 HIGH
3.1 (osv_debian)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
09 Jul 2020, 14:15
Published
Vulnerability first disclosed
28 Apr 2026, 20:18
Last Modified
Vulnerability information updated
Description
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.1, Thunderbird < 60, and Firefox < 61.
CVSS Metrics
- v3.1•HIGH•Score: 8.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Systems
- debian•thunderbird
< 1:60.0-1 | < 1:60.0-1 | < 1:60.0-1 | < 1:60.0-1