VDB

CVE-2018-12386

CVE-2018-12386 PUBLISHED

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.

EPSS 37.99% · 97.3th percentile

Risk Scores

EPSS Score
37.99%
97.3th percentile

Affected Products

VendorProductVersions
Ubuntu:18.04:LTSmozjs5252.3.1-0ubuntu3, 52.3.1-7fakesync1, 52.9.1-0ubuntu0.18.04.1
Ubuntu:14.04:LTSthunderbird1:24.2.0+build1-0ubuntu1, 1:24.4.0+build1-0ubuntu1, 1:24.5.0+build1-0ubuntu0.14.04.1
Ubuntu:16.04:LTSthunderbird*, *, *
Ubuntu:20.04:LTSmozjs5252.9.1-1build1, 0, 52.9.1-1ubuntu3
Ubuntu:18.04:LTSfirefox62.0+build2-0ubuntu0.18.04.3, 61.0+build3-0ubuntu0.18.04.1, 60.0.2+build1-0ubuntu0.18.04.1
Ubuntu:14.04:LTSfirefox*, 0, 24.0+build1-0ubuntu1
Ubuntu:18.04:LTSmozjs38*, *, *
Ubuntu:18.04:LTSthunderbird1:60.2.1+build1-0ubuntu0.18.04.2, 1:52.6.0+build1-0ubuntu1, 1:52.4.0+build1-0ubuntu2
Ubuntu:16.04:LTSfirefox53.0.3+build1-0ubuntu0.16.04.2, *, 56.0+build6-0ubuntu0.16.04.2

Exploit Intelligence

…and 9 more exploits

Timeline

  • Oct 3, 2018 CVE Published
  • Apr 14, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • May 13, 2023 EPSS Score
  • Jul 8, 2023 EPSS Score
  • Sep 15, 2023 EPSS Score
  • Nov 17, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›