Lucene search
MozillaCVELIST:CVE-2018-12387HistoryOct 18, 2018 - 1:00 p.m.
CVE-2018-12387
2018-10-1813:00:00
mozilla
www.cve.org
1
A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.
CNA Affected
[
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "60.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "62.0.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]References
www.securityfocus.com/bid/105460
www.securitytracker.com/id/1041770
access.redhat.com/errata/RHSA-2018:2881
access.redhat.com/errata/RHSA-2018:2884
bugzilla.mozilla.org/show_bug.cgi?id=1493903
security.gentoo.org/glsa/201810-01
usn.ubuntu.com/3778-1/
www.debian.org/security/2018/dsa-4310
www.mozilla.org/security/advisories/mfsa2018-24/
Related
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox JIT Compiler Memory Leak (CVE-2018-12387)
2020-06-05 00:00:00
ubuntucve
ubuntucve
CVE-2018-12387
2018-10-03 00:00:00
slackware
slackware
[slackware-security] mozilla-firefox
2018-10-03 05:32:39
nessus
nessus
Slackware 14.2 / current : mozilla-firefox (SSA:2018-276-01)
2018-10-03 00:00:00
FreeBSD : mozilla -- multiple vulnerabilities (c4f39920-781f-4aeb-b6af-17ed566c4272)
2018-10-03 00:00:00
Mozilla Firefox < 62.0.3 Multiple Vulnerabilities (macOS)
2018-10-04 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-05-16 03:37:14
cve
cve
CVE-2018-12387
2018-10-18 13:29:06
redhatcve
redhatcve
CVE-2018-12387
2019-10-10 09:41:30
prion
prion
Null pointer dereference
2018-10-18 13:29:00
nvd
nvd
CVE-2018-12387
2018-10-18 13:29:06
debiancve
debiancve
CVE-2018-12387
2018-10-18 13:29:06
openvas
openvas
Slackware: Security Advisory (SSA:2018-276-01)
2022-04-21 00:00:00
Mageia: Security Advisory (MGASA-2018-0396)
2022-01-28 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2018-10-02 00:00:00
centos
centos
firefox security update
2018-10-09 13:32:55
firefox security update
2018-10-09 15:40:38
archlinux
archlinux
[ASA-201810-6] firefox: multiple issues
2018-10-04 00:00:00
osv
osv
firefox-esr - security update
2018-10-03 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package firefox-esr version 60.2.2-alt1
2018-10-02 00:00:00
oraclelinux
oraclelinux
firefox security update
2018-10-08 00:00:00
firefox security update
2018-11-01 00:00:00
kaspersky
kaspersky
KLA11325 Multiple vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR
2018-10-02 00:00:00
mageia
mageia
Updated firefox packages fix security vulnerabilities
2018-10-14 03:58:33
debian
debian
[SECURITY] [DSA 4310-1] firefox-esr security update
2018-10-03 19:00:47
[SECURITY] [DSA 4310-1] firefox-esr security update
2018-10-03 19:00:47
ibm
ibm
Security Bulletin: Multiple Mozilla Firefox vulnerabilities in IBM SONAS
2018-11-02 04:15:02
suse
suse
Security update for Mozilla Firefox (important)
2018-10-04 15:10:04
redhat
redhat
(RHSA-2018:2884) Critical: firefox security update
2018-10-08 19:02:47
(RHSA-2018:2881) Critical: firefox security update
2018-10-08 07:42:28
mozilla
mozilla
ubuntu
ubuntu
Firefox vulnerabilities
2018-10-03 00:00:00
gentoo
gentoo
Mozilla Firefox: Multiple vulnerabilities
2018-10-02 00:00:00