CVE-2018-12386

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-12386

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-12386.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-12386

Related

Published

2018-10-18T13:29:06Z

Modified

2024-09-18T01:00:19Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.

References

Affected packages

Debian:11 / firefox-esr

Package

Name: firefox-esr
Purl: pkg:deb/debian/firefox-esr?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

60.2.2esr-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / firefox-esr

Package

Name: firefox-esr
Purl: pkg:deb/debian/firefox-esr?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

60.2.2esr-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / firefox-esr

Package

Name: firefox-esr
Purl: pkg:deb/debian/firefox-esr?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

60.2.2esr-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}