CVE-2018-12387Improper Input Validation in Mozilla Firefox

CWE-20Improper Input ValidationCWE-125Out-of-bounds Read9 documents8 sources
Severity
9.1CRITICALNVD
EPSS
33.4%
top 3.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Mozilla FirefoxMozilla Firefox ESRCanonical Ubuntu Linux+7 more
Timeline
PublishedOct 18
Latest updateMay 14

Description

A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages6 packages

CVEListV5mozilla/firefoxunspecified62.0.3
NVDmozilla/firefox< 60.2.2+1
CVEListV5mozilla/firefox_esrunspecified60.2.2

Also affects: Debian Linux 9.0, Ubuntu Linux 14.04, 16.04, 18.04, Enterprise Linux 7.6, 7.5

Patches

Patch: bugzilla.mozilla.orgPatch: bugzilla.mozilla.org

🔴Vulnerability Details

4
GHSA
GHSA-vfrp-p8qm-9m8x: A vulnerability where the JavaScript JIT compiler inlines Array2022-05-14
OSV
CVE-2018-12387: A vulnerability where the JavaScript JIT compiler inlines Array2018-10-18
CVEList
CVE-2018-12387: A vulnerability where the JavaScript JIT compiler inlines Array2018-10-18
OSV
firefox vulnerabilities2018-10-03

📋Vendor Advisories

3
Ubuntu
Firefox vulnerabilities2018-10-03
Red Hat
Mozilla: stack out-of-bounds read in Array.prototype.push2018-10-02
Debian
CVE-2018-12387: firefox - A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push w...2018

💬Community

1
Bugzilla
CVE-2018-12387 Mozilla: stack out-of-bounds read in Array.prototype.push2018-10-02
CVE-2018-12387 — Improper Input Validation in Mozilla | cvebase