VDB
GCVE-110-MAGEIA-2018-396
GCVE-110-MAGEIA-2018-396
Advisory Published
Updated firefox packages fix security vulnerabilities:
A vulnerability in register allocation in JavaScript can lead to type
confusion, allowing for an arbitrary read and write. This leads to remote
code execution inside the sandboxed content process when triggered
(CVE-2018-12386).
A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push
with multiple arguments that results in the stack pointer being off by 8 bytes
after a bailout. This leaks a memory address to the calling function which can
be used as part of an exploit inside the sandboxed content process
(CVE-2018-12387).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | firefox-l10n | 0 (affected), 60.2.2-1.mga6 (unaffected) | — |
| Mageia | firefox | 60.2.2-1.mga6 (unaffected), 0 (affected) | — |
Aliases
Browse GCVE Records
73,118 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.