CVE-2018-12386
Description
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.
Risk Information
Base Score: 8.1 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS Score (Exploitation Probability): 39.099
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2018-12386, CVE-2018-12387 affect Mozilla Firefox 62.0.2 | Windows |
| Vulnerabilities CVE-2018-12383, CVE-2018-12385, CVE-2018-12386, CVE-2018-12387 affect Firefox ESR for Mac 60.2.0 | Mac |
| Vulnerabilities CVE-2018-12383, CVE-2018-12385, CVE-2018-12386, CVE-2018-12387 affect Mozilla Firefox for Mac 60.2.0 | Mac |
| Vulnerabilities CVE-2018-12386, CVE-2018-12387 affect Mozilla Firefox for Mac 62.0.2 | Mac |
| firefox-esr security update (DSA-4310-1) firefox-esr_60.2.2esr-1~deb9u1_i386.deb | Linux |
| firefox-esr security update (DSA-4310-1) firefox-esr_60.2.2esr-1~deb9u1_amd64.deb | Linux |
| (RHSA-2018:2881) firefox security update firefox-60.2.2-1.el6.i686.rpm | Linux |
| (RHSA-2018:2881) firefox security update firefox-60.2.2-1.el6.x86_64.rpm | Linux |
| (RHSA-2018:2884) firefox security update firefox-60.2.2-1.el7_5.i686.rpm | Linux |
| (RHSA-2018:2884) firefox security update firefox-60.2.2-1.el7_5.x86_64.rpm | Linux |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-343015 | Mozilla Firefox (132.0.2) |
| PATCH-611808 | Mozilla Firefox ESR for MAC 128.14.0 |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |