exploit the possibilities
Showing 1 - 6 of 6 RSS Feed

CVE-2018-12387

Status Candidate

Overview

A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.

Related Files

Red Hat Security Advisory 2018-2884-01
Posted Oct 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2884-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.2 ESR. Issues addressed include type confusion and out-of-bounds read vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2018-12386, CVE-2018-12387
MD5 | f06f3d8b68aa18c8ac9bf3ba50b53405
Red Hat Security Advisory 2018-2881-01
Posted Oct 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2881-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.2 ESR. Issues addressed include an out-of-bounds read.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-12386, CVE-2018-12387
MD5 | 6d99119798d9c642e65db56f4c2556ae
Debian Security Advisory 4310-1
Posted Oct 4, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4310-1 - Two security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code inside the sandboxed content process.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2018-12386, CVE-2018-12387
MD5 | b88ceaa2ffe174a5b82e94d946d662e0
Ubuntu Security Notice USN-3778-1
Posted Oct 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3778-1 - A crash was discovered in TransportSecurityInfo used for SSL, which could be triggered by data stored in the local cache directory. An attacker could potentially exploit this in combination with another vulnerability that allowed them to write data to the cache, to execute arbitrary code. A type confusion bug was discovered in JavaScript. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local, javascript
systems | linux, ubuntu
advisories | CVE-2018-12385, CVE-2018-12386, CVE-2018-12387
MD5 | c62ea9beea2ef5ac1b71a02d553818db
Slackware Security Advisory - mozilla-firefox Updates
Posted Oct 3, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2018-12387
MD5 | 7f98aa721388c5dcd0fd1d76ab08d71a
Gentoo Linux Security Advisory 201810-01
Posted Oct 2, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201810-1 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. Versions less than 60.2.2 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-16541, CVE-2018-12358, CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12367, CVE-2018-12368, CVE-2018-12369, CVE-2018-12370, CVE-2018-12371, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378, CVE-2018-12379, CVE-2018-12381, CVE-2018-12383, CVE-2018-12385, CVE-2018-12386, CVE-2018-12387, CVE-2018-5125, CVE-2018-5127
MD5 | 2ed8115633bd219ec3b7e1781a6f664a
Page 1 of 1
Back1Next

File Archive:

June 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    1 Files
  • 2
    Jun 2nd
    2 Files
  • 3
    Jun 3rd
    19 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    15 Files
  • 6
    Jun 6th
    12 Files
  • 7
    Jun 7th
    11 Files
  • 8
    Jun 8th
    1 Files
  • 9
    Jun 9th
    1 Files
  • 10
    Jun 10th
    15 Files
  • 11
    Jun 11th
    15 Files
  • 12
    Jun 12th
    15 Files
  • 13
    Jun 13th
    8 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    2 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    18 Files
  • 18
    Jun 18th
    16 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close