CVE-2018-12386
HIGH 8.1
EPSS 38.0%
firefox-esr - security update
Published: 10/18/2018
Modified: 4/28/2026
Also known as: DEBIAN-CVE-2018-12386
Description
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.
Affected packages (2)
- Debian/firefox-esr from 0, < 60.2.2esr-1
- Debian/firefox-esr from 0, < 60.2.2esr-1~deb9u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |