CVE-2018-12386

high
Description

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.

References

http://www.securityfocus.com/bid/105460

http://www.securitytracker.com/id/1041770

https://access.redhat.com/errata/RHSA-2018:2881

https://access.redhat.com/errata/RHSA-2018:2884

https://bugzilla.mozilla.org/show_bug.cgi?id=1493900

https://security.gentoo.org/glsa/201810-01

https://usn.ubuntu.com/3778-1/

https://www.debian.org/security/2018/dsa-4310

https://www.mozilla.org/security/advisories/mfsa2018-24/

Details

Source: MITRE

Published: 2018-10-18

Updated: 2018-12-06

Type: CWE-704

Risk Information

CVSS v2

Base Score: 5.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Impact Score: 5.2

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

View all (25 total)

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 127404 | NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0141) | Nessus | NewStart CGSL Local Security Checks | critical |
| 127198 | NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0032) | Nessus | NewStart CGSL Local Security Checks | critical |
| 123327 | openSUSE Security Update : Mozilla Firefox (openSUSE-2019-763) | Nessus | SuSE Local Security Checks | critical |
| 700409 | Mozilla Firefox < 62.0.3 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 120146 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2018:3476-1) | Nessus | SuSE Local Security Checks | critical |
| 119451 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss (SUSE-SU-2018:3591-2) | Nessus | SuSE Local Security Checks | critical |
| 118761 | EulerOS 2.0 SP3 : firefox (EulerOS-SA-2018-1367) | Nessus | Huawei Local Security Checks | critical |
| 118742 | EulerOS 2.0 SP2 : firefox (EulerOS-SA-2018-1359) | Nessus | Huawei Local Security Checks | critical |
| 118590 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss (SUSE-SU-2018:3591-1) | Nessus | SuSE Local Security Checks | critical |
| 118031 | Scientific Linux Security Update : firefox on SL7.x x86_64 (20181008) | Nessus | Scientific Linux Local Security Checks | critical |
| 118020 | CentOS 7 : firefox (CESA-2018:2884) | Nessus | CentOS Local Security Checks | critical |
| 118019 | CentOS 6 : firefox (CESA-2018:2881) | Nessus | CentOS Local Security Checks | critical |
| 117973 | Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20181008) | Nessus | Scientific Linux Local Security Checks | critical |
| 117972 | RHEL 7 : firefox (RHSA-2018:2884) | Nessus | Red Hat Local Security Checks | critical |
| 117971 | RHEL 6 : firefox (RHSA-2018:2881) | Nessus | Red Hat Local Security Checks | critical |
| 117970 | Oracle Linux 7 : firefox (ELSA-2018-2884) | Nessus | Oracle Linux Local Security Checks | critical |
| 117928 | openSUSE Security Update : Mozilla Firefox (openSUSE-2018-1097) | Nessus | SuSE Local Security Checks | critical |
| 117921 | Mozilla Firefox < 62.0.3 Multiple Vulnerabilities | Nessus | Windows | critical |
| 117920 | Mozilla Firefox ESR < 60.2.2 Multiple Vulnerabilities | Nessus | Windows | critical |
| 117919 | Mozilla Firefox ESR < 60.2.2 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | critical |
| 117918 | Mozilla Firefox < 62.0.3 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | critical |
| 117913 | Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : firefox vulnerabilities (USN-3778-1) | Nessus | Ubuntu Local Security Checks | critical |
| 117909 | Debian DSA-4310-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | critical |
| 117894 | GLSA-201810-01 : Mozilla Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 117893 | FreeBSD : mozilla -- multiple vulnerabilities (c4f39920-781f-4aeb-b6af-17ed566c4272) | Nessus | FreeBSD Local Security Checks | critical |