Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-12387

Опубликовано: 02 окт. 2018
Источник: redhat
CVSS3: 8.8

Описание

A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6thunderbirdNot affected
Red Hat Enterprise Linux 7thunderbirdNot affected
Red Hat Enterprise Linux 6firefoxFixedRHSA-2018:288108.10.2018
Red Hat Enterprise Linux 7firefoxFixedRHSA-2018:288408.10.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Critical
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1635452Mozilla: stack out-of-bounds read in Array.prototype.push

8.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-12387

CVSS3: 9.1
ubuntu
почти 7 лет назад

A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.

nvd логотип

CVE-2018-12387

CVSS3: 9.1
nvd
почти 7 лет назад

A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.

debian логотип

CVE-2018-12387

CVSS3: 9.1
debian
почти 7 лет назад

A vulnerability where the JavaScript JIT compiler inlines Array.protot ...

github логотип

GHSA-vfrp-p8qm-9m8x

CVSS3: 9.1
github
около 3 лет назад

A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.

fstec логотип

BDU:2019-03415

CVSS3: 9.1
fstec
почти 7 лет назад

Уязвимость реализации метода Array.prototype.push JIT-компилятора веб-браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код

8.8 High

CVSS3