CVE-2018-12386

high

Description

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.

References

https://www.mozilla.org/security/advisories/mfsa2018-24/

https://www.debian.org/security/2018/dsa-4310

https://usn.ubuntu.com/3778-1/

https://security.gentoo.org/glsa/201810-01

https://bugzilla.mozilla.org/show_bug.cgi?id=1493900

https://access.redhat.com/errata/RHSA-2018:2884

https://access.redhat.com/errata/RHSA-2018:2881

http://www.securitytracker.com/id/1041770

http://www.securityfocus.com/bid/105460

Details

Source: Mitre, NVD

Published: 2018-10-18

Updated: 2018-12-06

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Severity: High