vulnerability
FreeBSD: VID-c4f39920-781f-4aeb-b6af-17ed566c4272 (CVE-2018-12387): mozilla -- multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:N/C:P/I:N/A:P) | Oct 2, 2018 | Oct 3, 2018 | Dec 10, 2025 |
Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:P)
Published
Oct 2, 2018
Added
Oct 3, 2018
Modified
Dec 10, 2025
Description
Mozilla Foundation reports: CVE-2018-12386: Type confusion in JavaScript A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. CVE-2018-12387: A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process.
Solutions
freebsd-upgrade-package-firefoxfreebsd-upgrade-package-waterfoxfreebsd-upgrade-package-seamonkeyfreebsd-upgrade-package-linux-seamonkeyfreebsd-upgrade-package-firefox-esrfreebsd-upgrade-package-linux-firefoxfreebsd-upgrade-package-libxulfreebsd-upgrade-package-thunderbirdfreebsd-upgrade-package-linux-thunderbird
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.