CVE-2018-12386

Summary

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox ESRunspecified < 60.2.2affected
MozillaFirefoxunspecified < 62.0.3affected

Weaknesses

  • Type confusion in JavaScript

ADP Enrichment

CVE Program Container

Additional References

References