View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2018-18500 severity moderate: SUSE including 184 source package names (1.0.0.1862.1.5.2:libfreebl3-3.41.1-3.13.1, 1.0.0.1862.1.5.2:libsoftokn3-3.41.1-3.13.1, …), 743 product×package rows across 122 product lines (Container bci/openjdk, Container bci/openjdk-devel, … (122 product lines)): Fixed 694, Known Not Affected 49.
A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.