CVE-2018-12386
HIGH8.1EPSS 38.0%firefox-esr - security update
發布日:2018/10/18修改日:2026/4/28
描述
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.
受影響套件(2)
- Debian/firefox-esrfrom 0, < 60.2.2esr-1
- Debian/firefox-esrfrom 0, < 60.2.2esr-1~deb9u1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |