[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2018-12386Date: (C)2018-10-23   (M)2024-03-27


A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 8.1CVSS Score : 5.8
Exploit Score: 2.8Exploit Score: 8.6
Impact Score: 5.2Impact Score: 4.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: REQUIREDConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: HIGHAvailability: NONE
Integrity: HIGH 
Availability: NONE 
  
Reference:
SECTRACK-1041770
BID-105460
DSA-4310
GLSA-201810-01
RHSA-2018:2881
RHSA-2018:2884
USN-3778-1
https://bugzilla.mozilla.org/show_bug.cgi?id=1493900
https://www.mozilla.org/security/advisories/mfsa2018-24/

CPE    333
cpe:/a:mozilla:firefox:37.0
cpe:/a:mozilla:firefox:14.0
cpe:/a:mozilla:firefox_esr:17.0.10
cpe:/a:mozilla:firefox_esr:38.0
...
CWE    1
CWE-704
OVAL    19
oval:org.secpod.oval:def:89002034
oval:org.secpod.oval:def:2103524
oval:org.secpod.oval:def:2103520
oval:org.secpod.oval:def:89002419
...

© SecPod Technologies