Published: 18/10/2018 Updated: 06/12/2018

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9

VMScore: 572

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat enterprise linux desktop 6.0
redhat enterprise linux workstation 6.0
redhat enterprise linux server eus 7.6
redhat enterprise linux workstation 7.0
redhat enterprise linux desktop 7.0
redhat enterprise linux server 7.0
redhat enterprise linux server aus 7.6
redhat enterprise linux server eus 7.5
redhat enterprise linux server 6.0
redhat enterprise linux server tus 7.6
debian debian linux 9.0
canonical ubuntu linux 14.04
canonical ubuntu linux 16.04
canonical ubuntu linux 18.04
mozilla firefox esr
mozilla firefox

Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...

Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

Two security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code inside the sandboxed content process For the stable distribution (stretch), these problems have been fixed in version 6022esr-1~deb9u1 We recommend that you upgrade your firefox-esr packages For the detailed ...

A vulnerability where the JavaScript JIT compiler inlines Arrayprototypepush with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process This vulnerability affects Firefox ESR < 6 ...

Mozilla Foundation Security Advisory 2018-24 Security vulnerabilities fixed in Firefox 6203 and Firefox ESR 6022 Announced October 2, 2018 Impact critical Products Firefox, Firefox ESR Fixed in Fire ...

A vulnerability has been found in Firefox before 6203 where the JavaScript JIT compiler inlines Arrayprototypepush with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process ...

CWE-20 https://www.mozilla.org/security/advisories/mfsa2018-24/https://bugzilla.mozilla.org/show_bug.cgi?id=1493903 https://www.debian.org/security/2018/dsa-4310 https://usn.ubuntu.com/3778-1/https://access.redhat.com/errata/RHSA-2018:2884 https://access.redhat.com/errata/RHSA-2018:2881 http://www.securitytracker.com/id/1041770 http://www.securityfocus.com/bid/105460 https://security.gentoo.org/glsa/201810-01 https://access.redhat.com/errata/RHSA-2018:2881 https://nvd.nist.gov https://usn.ubuntu.com/3778-1/

CVE-2018-12387

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect