CVE-2018-12386: Incorrect Type Conversion or Cast in Mozilla Firefox

Severity: 8.1 HIGH (NVD)
EPSS: 39.1% (top 2.72%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 18; latest update May 14

Description

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Exploitability: 2.8 | Impact: 5.2

Affected Packages (6 packages)

CVEListV5 | mozilla/firefox | unspecified | 62.0.3
NVD | mozilla/firefox | < 60.2.2 | +1
CVEListV5 | mozilla/firefox_esr | unspecified | 60.2.2

Also affects: Debian Linux 9.0, Ubuntu Linux 14.04, 16.04, 18.04, Enterprise Linux 7.6, 7.5

Patches

🔴 Vulnerability Details (4)

GHSA: GHSA-5vgc-hmw3-287j: A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write (2022-05-14)
OSV: CVE-2018-12386: A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write (2018-10-18)
CVEList: CVE-2018-12386: A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write (2018-10-18)
OSV: firefox vulnerabilities (2018-10-03)

📋 Vendor Advisories (3)

Ubuntu: Firefox vulnerabilities (2018-10-03)
Red Hat: Mozilla: type confusion in JavaScript (2018-10-02)
Debian: CVE-2018-12386: firefox - A vulnerability in register allocation in JavaScript can lead to type confusion,... (2018)

💬 Community (1)

Bugzilla: CVE-2018-12386 Mozilla: type confusion in JavaScript (2018-10-02)