6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
0.449 Medium
EPSS
Percentile
97.4%
Mozilla Foundation reports:
CVE-2018-12386: Type confusion in JavaScript
A vulnerability in register allocation in JavaScript can
lead to type confusion, allowing for an arbitrary read and
write. This leads to remote code execution inside the
sandboxed content process when triggered.
CVE-2018-12387:
A vulnerability where the JavaScript JIT compiler inlines
Array.prototype.push with multiple arguments that results
in the stack pointer being off by 8 bytes after a
bailout. This leaks a memory address to the calling
function which can be used as part of an exploit inside
the sandboxed content process.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | firefox | < 62.0.3,1 | UNKNOWN |
FreeBSD | any | noarch | waterfox | < 56.2.4 | UNKNOWN |
FreeBSD | any | noarch | seamonkey | < 2.53.0 | UNKNOWN |
FreeBSD | any | noarch | linux-seamonkey | < 2.53.0 | UNKNOWN |
FreeBSD | any | noarch | firefox-esr | < 60.2.2,1 | UNKNOWN |
FreeBSD | any | noarch | linux-firefox | < 60.2.2,2 | UNKNOWN |
FreeBSD | any | noarch | libxul | < 60.2.2 | UNKNOWN |
FreeBSD | any | noarch | thunderbird | < 60.2.2 | UNKNOWN |
FreeBSD | any | noarch | linux-thunderbird | < 60.2.2 | UNKNOWN |
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
0.449 Medium
EPSS
Percentile
97.4%