CVE-2018-12386
N/A
N/A
Summary
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Firefox ESR | unspecified < 60.2.2 | affected |
| Mozilla | Firefox | unspecified < 62.0.3 | affected |
Weaknesses
- Type confusion in JavaScript
ADP Enrichment
CVE Program Container
Additional References
- https://security.gentoo.org/glsa/201810-01
- http://www.securityfocus.com/bid/105460
- https://usn.ubuntu.com/3778-1/
- https://www.debian.org/security/2018/dsa-4310
- https://access.redhat.com/errata/RHSA-2018:2884
- http://www.securitytracker.com/id/1041770
- https://bugzilla.mozilla.org/show_bug.cgi?id=1493900
- https://www.mozilla.org/security/advisories/mfsa2018-24/
- https://access.redhat.com/errata/RHSA-2018:2881
References
- https://security.gentoo.org/glsa/201810-01
- http://www.securityfocus.com/bid/105460
- https://usn.ubuntu.com/3778-1/
- https://www.debian.org/security/2018/dsa-4310
- https://access.redhat.com/errata/RHSA-2018:2884
- http://www.securitytracker.com/id/1041770
- https://bugzilla.mozilla.org/show_bug.cgi?id=1493900
- https://www.mozilla.org/security/advisories/mfsa2018-24/
- https://access.redhat.com/errata/RHSA-2018:2881
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.