Lucene search

K
nessusTenable700409.PRM
HistoryFeb 07, 2019 - 12:00 a.m.

Mozilla Firefox < 62.0.3 Multiple Vulnerabilities

2019-02-0700:00:00
Tenable
www.tenable.com
11

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

6.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.449 Medium

EPSS

Percentile

97.4%

Versions of Mozilla Firefox prior to 62.0.3 are unpatched for the following vulnerabilities as referenced in the mfsa2018-24 advisory:

  • A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. (CVE-2018-12386)
  • A vulnerability where the JavaScript JIT compiler inlines ‘Array.prototype.push’ with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. (CVE-2018-12387)
Binary data 700409.prm
VendorProductVersionCPE
mozillafirefoxcpe:/a:mozilla:firefox

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

6.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.449 Medium

EPSS

Percentile

97.4%