[FREEBSD:C4F39920-781F-4AEB-B6AF-17ED566C4272] mozilla -- multiple vulnerabilities
Severity: Critical
Affected Packages: 6
CVEs: 2
Mozilla Foundation reports:
CVE-2018-12386: Type confusion in JavaScript
A vulnerability in register allocation in JavaScript can
lead to type confusion, allowing for an arbitrary read and
write. This leads to remote code execution inside the
sandboxed content process when triggered.
CVE-2018-12387:
A vulnerability where the JavaScript JIT compiler inlines
Array.prototype.push with multiple arguments that results
in the stack pointer being off by 8 bytes after a
bailout. This leaks a memory address to the calling
function which can be used as part of an exploit inside
the sandboxed content process.
Package | Affected Version |
---|---|
pkg:freebsd/waterfox | < 56.2.4 |
pkg:freebsd/seamonkey | < 2.53.0 |
pkg:freebsd/linux-firefox | < 60.2.2,2 |
pkg:freebsd/libxul | < 60.2.2 |
pkg:freebsd/firefox-esr | < 60.2.2,1 |
pkg:freebsd/firefox | < 62.0.3,1 |
- ID: FREEBSD:C4F39920-781F-4AEB-B6AF-17ED566C4272
- Severity: critical
- Severity from: CVE-2018-12387
- URL: http://vuxml.freebsd.org/freebsd/c4f39920-781f-4aeb-b6af-17ed566c4272.html
- Published: 2018-10-02T00:00:00
- Modified: 2018-10-02T00:00:00
- Rights: FreeBSD VuXML Security Team

Other Advisories
Source | # ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | | | https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/ |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:freebsd/waterfox | | waterfox | < 56.2.4 | | | |
Affected | pkg:freebsd/seamonkey | | seamonkey | < 2.53.0 | | | |
Affected | pkg:freebsd/linux-firefox | | linux-firefox | < 60.2.2,2 | | | |
Affected | pkg:freebsd/libxul | | libxul | < 60.2.2 | | | |
Affected | pkg:freebsd/firefox-esr | | firefox-esr | < 60.2.2,1 | | | |
Affected | pkg:freebsd/firefox | | firefox | < 62.0.3,1 | | | |