[MFSA-2018-24] Security vulnerabilities fixed in Firefox 62.0.3 and Firefox ESR 60.2.2

Severity Critical

Affected Packages 2

Fixed Packages 2

CVEs 2

CVE-2018-12386: Type confusion in JavaScript (critical)
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered.
CVE-2018-12387: (critical)
A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process.

Package	Affected Version
pkg:mozilla/Firefox%20ESR	< 60.2.2
pkg:mozilla/Firefox	< 62.0.3

Package	Fixed Version
pkg:mozilla/Firefox%20ESR	= 60.2.2
pkg:mozilla/Firefox	= 62.0.3

ID

MFSA-2018-24

Severity

critical

URL

Published

2018-10-02T00:00:00
(6 years ago)

Modified

2018-10-02T00:00:00
(6 years ago)

Other Advisories

Source	# ID	Name	URL
Bugzilla	1493900		https://bugzilla.mozilla.org/show_bug.cgi?id=1493900
Bugzilla	1493903		https://bugzilla.mozilla.org/show_bug.cgi?id=1493903

Type	Package URL	Name / Product	Version
Affected	pkg:mozilla/Firefox%20ESR	Firefox ESR	< 60.2.2
Fixed	pkg:mozilla/Firefox%20ESR	Firefox ESR	= 60.2.2
Affected	pkg:mozilla/Firefox	Firefox	< 62.0.3
Fixed	pkg:mozilla/Firefox	Firefox	= 62.0.3

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date