CVE-2018-12386

MEDIUM

Description

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.

References

http://www.securityfocus.com/bid/105460

http://www.securitytracker.com/id/1041770

https://access.redhat.com/errata/RHSA-2018:2881

https://access.redhat.com/errata/RHSA-2018:2884

https://bugzilla.mozilla.org/show_bug.cgi?id=1493900

https://security.gentoo.org/glsa/201810-01

https://usn.ubuntu.com/3778-1/

https://www.debian.org/security/2018/dsa-4310

https://www.mozilla.org/security/advisories/mfsa2018-24/

Details

Source: MITRE

Published: 2018-10-18

Updated: 2018-12-06

Type: CWE-704

Risk Information

CVSS v2.0

Base Score: 5.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Impact Score: 5.2

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 127404 | NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0141) | Nessus | NewStart CGSL Local Security Checks | high |
| 127198 | NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0032) | Nessus | NewStart CGSL Local Security Checks | high |
| 123327 | openSUSE Security Update : Mozilla Firefox (openSUSE-2019-763) | Nessus | SuSE Local Security Checks | medium |
| 700409 | Mozilla Firefox < 62.0.3 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 120146 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2018:3476-1) | Nessus | SuSE Local Security Checks | medium |
| 119451 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss (SUSE-SU-2018:3591-2) | Nessus | SuSE Local Security Checks | high |
| 118761 | EulerOS 2.0 SP3 : firefox (EulerOS-SA-2018-1367) | Nessus | Huawei Local Security Checks | medium |
| 118742 | EulerOS 2.0 SP2 : firefox (EulerOS-SA-2018-1359) | Nessus | Huawei Local Security Checks | high |
| 118590 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss (SUSE-SU-2018:3591-1) | Nessus | SuSE Local Security Checks | high |
| 118031 | Scientific Linux Security Update : firefox on SL7.x x86_64 (20181008) | Nessus | Scientific Linux Local Security Checks | medium |
| 118020 | CentOS 7 : firefox (CESA-2018:2884) | Nessus | CentOS Local Security Checks | medium |
| 118019 | CentOS 6 : firefox (CESA-2018:2881) | Nessus | CentOS Local Security Checks | medium |
| 117973 | Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20181008) | Nessus | Scientific Linux Local Security Checks | medium |
| 117972 | RHEL 7 : firefox (RHSA-2018:2884) | Nessus | Red Hat Local Security Checks | medium |
| 117971 | RHEL 6 : firefox (RHSA-2018:2881) | Nessus | Red Hat Local Security Checks | medium |
| 117970 | Oracle Linux 7 : firefox (ELSA-2018-2884) | Nessus | Oracle Linux Local Security Checks | medium |
| 117928 | openSUSE Security Update : Mozilla Firefox (openSUSE-2018-1097) | Nessus | SuSE Local Security Checks | medium |
| 117921 | Mozilla Firefox < 62.0.3 Multiple Vulnerabilities | Nessus | Windows | medium |
| 117920 | Mozilla Firefox ESR < 60.2.2 Multiple Vulnerabilities | Nessus | Windows | medium |
| 117919 | Mozilla Firefox ESR < 60.2.2 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | medium |
| 117918 | Mozilla Firefox < 62.0.3 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | medium |
| 117913 | Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : firefox vulnerabilities (USN-3778-1) | Nessus | Ubuntu Local Security Checks | medium |
| 117909 | Debian DSA-4310-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | medium |
| 117894 | GLSA-201810-01 : Mozilla Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 117893 | FreeBSD : mozilla -- multiple vulnerabilities (c4f39920-781f-4aeb-b6af-17ed566c4272) | Nessus | FreeBSD Local Security Checks | medium |