A use-after-free vulnerability can occur when an index is deleted while still in use in IndexedDB by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12378
Acknowledgments: Name: the Mozilla project Upstream: Zhanjia Song
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:2692 https://access.redhat.com/errata/RHSA-2018:2692
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2018:2693 https://access.redhat.com/errata/RHSA-2018:2693
Statement: This flaw cannot be exploited through email in Thunderbird as scripting is disabled in this for email content. It may be possible to exploit through Feeds (Atom or RSS) or other browser-like contexts.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2018:3403 https://access.redhat.com/errata/RHSA-2018:3403
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:3458 https://access.redhat.com/errata/RHSA-2018:3458