Published: 18/10/2018 Updated: 06/12/2018

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.1 | Impact Score: 5.2 | Exploitability Score: 2.8

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat enterprise linux workstation 6.0
redhat enterprise linux server 7.0
redhat enterprise linux server eus 7.5
redhat enterprise linux server eus 7.6
redhat enterprise linux server tus 7.6
redhat enterprise linux workstation 7.0
redhat enterprise linux desktop 6.0
redhat enterprise linux server 6.0
redhat enterprise linux desktop 7.0
redhat enterprise linux server aus 7.6
debian debian linux 9.0
canonical ubuntu linux 14.04
canonical ubuntu linux 18.04
canonical ubuntu linux 16.04
mozilla firefox
mozilla firefox esr

Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...

Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

Two security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code inside the sandboxed content process For the stable distribution (stretch), these problems have been fixed in version 6022esr-1~deb9u1 We recommend that you upgrade your firefox-esr packages For the detailed ...

Mozilla Foundation Security Advisory 2018-24 Security vulnerabilities fixed in Firefox 6203 and Firefox ESR 6022 Announced October 2, 2018 Impact critical Products Firefox, Firefox ESR Fixed in Fire ...

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write This leads to remote code execution inside the sandboxed content process when triggered This vulnerability affects Firefox ESR < 6022 and Firefox < 6203 ...

A vulnerability has been found in Firefox before 6203 in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write This leads to remote code execution inside the sandboxed content process when triggered ...

CVE-2018-12386 - Firefox Sandboxed RCE Exploit for Linux (Firefox <v62.0.3)

Firefox Sandboxed RCE Exploit (CVE-2018-12386) Here is a simple exploit for the vulnerability CVE-2018-12386 found by Niklas Baumstark, Samuel Groß and Bruno Keith This is mostly a PoC I did for fun, there is no sandbox bypass and it will only work on a given Linux setup where the offsets used by the exploit are already known (they can be changed in exploit/offsetsjs)

CWE-704 https://www.mozilla.org/security/advisories/mfsa2018-24/https://bugzilla.mozilla.org/show_bug.cgi?id=1493900 https://www.debian.org/security/2018/dsa-4310 https://usn.ubuntu.com/3778-1/https://access.redhat.com/errata/RHSA-2018:2884 https://access.redhat.com/errata/RHSA-2018:2881 http://www.securitytracker.com/id/1041770 http://www.securityfocus.com/bid/105460 https://security.gentoo.org/glsa/201810-01 https://access.redhat.com/errata/RHSA-2018:2881 https://usn.ubuntu.com/3778-1/https://nvd.nist.gov

CVE-2018-12386

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect