What is the severity of CVE-2018-12386?

CVE-2018-12386 is classified as a critical vulnerability, allowing for remote code execution.

How do I fix CVE-2018-12386?

To fix CVE-2018-12386, update your software to the latest version of Firefox or Firefox ESR.

What types of software are affected by CVE-2018-12386?

CVE-2018-12386 affects various versions of Mozilla Firefox, Firefox ESR, and multiple versions of Red Hat and Debian Linux.

What are the consequences of exploiting CVE-2018-12386?

Exploiting CVE-2018-12386 can lead to arbitrary read and write access, resulting in possible remote code execution.

Is CVE-2018-12386 specific to a certain operating system?

CVE-2018-12386 is not limited to a single operating system; it affects numerous platforms including Windows, Linux, and macOS.

Vulnerability/
CVE-2018-12386

high

8.1

CWE

704

2/10/2018

18/10/2018

21/11/2024

CVE-2018-12386: Incorrect Type Cast

First published: Tue Oct 02 2018(Updated: )

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered.

Credit: security@mozilla.org security@mozilla.org

Affected Software	Affected Version	How to fix
Mozilla Firefox	<62.0.3	62.0.3
Mozilla Firefox ESR	<60.2.2	60.2.2
redhat enterprise Linux desktop	=6.0
redhat enterprise Linux desktop	=7.0
redhat enterprise Linux server	=6.0
redhat enterprise Linux server	=7.0
redhat enterprise Linux server aus	=7.6
redhat enterprise Linux server eus	=7.5
redhat enterprise Linux server eus	=7.6
redhat enterprise Linux server tus	=7.6
redhat enterprise Linux workstation	=6.0
redhat enterprise Linux workstation	=7.0
Debian Debian Linux	=9.0
Ubuntu Linux	=14.04
Ubuntu Linux	=16.04
Ubuntu Linux	=18.04
Mozilla Firefox	<62.0.3
Mozilla Firefox ESR	<60.2.2
debian/firefox		134.0.2-2
debian/firefox-esr		115.14.0esr-1~deb11u1 128.6.0esr-1~deb11u3 128.5.0esr-1~deb12u1 128.6.0esr-1~deb12u1 128.6.0esr-4

Remedy

https://bugzilla.mozilla.org/show_bug.cgi?id=1493900

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

MFSA2018-24

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2018-12386?
CVE-2018-12386 is classified as a critical vulnerability, allowing for remote code execution.
How do I fix CVE-2018-12386?
To fix CVE-2018-12386, update your software to the latest version of Firefox or Firefox ESR.
What types of software are affected by CVE-2018-12386?
CVE-2018-12386 affects various versions of Mozilla Firefox, Firefox ESR, and multiple versions of Red Hat and Debian Linux.
What are the consequences of exploiting CVE-2018-12386?
Exploiting CVE-2018-12386 can lead to arbitrary read and write access, resulting in possible remote code execution.
Is CVE-2018-12386 specific to a certain operating system?
CVE-2018-12386 is not limited to a single operating system; it affects numerous platforms including Windows, Linux, and macOS.

agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2018-12386
agent/author
agent/severity
agent/weakness
agent/remedy
collector/mozilla-advisory
agent/software-canonical-lookup-request
source/Mozilla
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
collector/usn-cve
source/Ubuntu
agent/references
agent/event
agent/description
agent/trending
agent/last-modified-date
agent/source
collector/nvd-cve
source/NVD
collector/nvd-index
agent/softwarecombine
agent/tags
collector/security-tracker-debian
source/Debian
vendor/mozilla
canonical/mozilla firefox
canonical/mozilla firefox esr
vendor/redhat
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/6.0
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux server
version/redhat enterprise linux server/6.0
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux server aus
version/redhat enterprise linux server aus/7.6
canonical/redhat enterprise linux server eus
version/redhat enterprise linux server eus/7.5
version/redhat enterprise linux server eus/7.6
canonical/redhat enterprise linux server tus
version/redhat enterprise linux server tus/7.6
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/6.0
version/redhat enterprise linux workstation/7.0
vendor/debian
canonical/debian debian linux
version/debian debian linux/9.0
vendor/canonical
canonical/ubuntu linux
version/ubuntu linux/14.04
version/ubuntu linux/16.04
version/ubuntu linux/18.04
package-manager/debian

CVE-2018-12386: Incorrect Type Cast

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Peer vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2018-12386?

How do I fix CVE-2018-12386?

What types of software are affected by CVE-2018-12386?

What are the consequences of exploiting CVE-2018-12386?

Is CVE-2018-12386 specific to a certain operating system?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2018-12386?

How do I fix CVE-2018-12386?

What types of software are affected by CVE-2018-12386?

What are the consequences of exploiting CVE-2018-12386?

Is CVE-2018-12386 specific to a certain operating system?