CVE-2018-12386: Incorrect Type Cast
First published: Tue Oct 02 2018(Updated: )
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | <62.0.3 | 62.0.3 |
| Firefox ESR | <60.2.2 | 60.2.2 |
| Red Hat Enterprise Linux Desktop | =6.0 | |
| Red Hat Enterprise Linux Desktop | =7.0 | |
| Red Hat Enterprise Linux Server | =6.0 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Red Hat Enterprise Linux Server | =7.5 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Red Hat Enterprise Linux Workstation | =6.0 | |
| Red Hat Enterprise Linux Workstation | =7.0 | |
| Debian Linux | =9.0 | |
| Ubuntu | =14.04 | |
| Ubuntu | =16.04 | |
| Ubuntu | =18.04 | |
| Firefox | <62.0.3 | |
| Firefox ESR | <60.2.2 | |
| debian/firefox | 137.0.1-1 | |
| debian/firefox-esr | 115.14.0esr-1~deb11u1 128.9.0esr-1~deb11u1 128.8.0esr-1~deb12u1 128.9.0esr-1~deb12u1 128.9.0esr-2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1493900
- https://www.mozilla.org/security/advisories/mfsa2018-24/
- https://www.debian.org/security/2018/dsa-4310
- https://access.redhat.com/errata/RHSA-2018:2881
- https://access.redhat.com/errata/RHSA-2018:2884
- https://usn.ubuntu.com/3778-1/
- http://www.securityfocus.com/bid/105460
- http://www.securitytracker.com/id/1041770
- https://security.gentoo.org/glsa/201810-01
- https://launchpad.net/bugs/cve/CVE-2018-12386
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/#CVE-2018-12386
- https://bugzilla.redhat.com/show_bug.cgi?id=1635451
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/
- https://security-tracker.debian.org/tracker/CVE-2018-12386
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12386
- https://nvd.nist.gov/vuln/detail/CVE-2018-12386
- https://ubuntu.com/security/CVE-2018-12386
Frequently Asked Questions
What is the severity of CVE-2018-12386?
CVE-2018-12386 is classified as a critical vulnerability, allowing for remote code execution.
How do I fix CVE-2018-12386?
To fix CVE-2018-12386, update your software to the latest version of Firefox or Firefox ESR.
What types of software are affected by CVE-2018-12386?
CVE-2018-12386 affects various versions of Mozilla Firefox, Firefox ESR, and multiple versions of Red Hat and Debian Linux.
What are the consequences of exploiting CVE-2018-12386?
Exploiting CVE-2018-12386 can lead to arbitrary read and write access, resulting in possible remote code execution.
Is CVE-2018-12386 specific to a certain operating system?
CVE-2018-12386 is not limited to a single operating system; it affects numerous platforms including Windows, Linux, and macOS.
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-12386
- agent/severity
- agent/weakness
- agent/remedy
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- agent/trending
- agent/last-modified-date
- agent/source
- agent/author
- collector/mozilla-advisory
- agent/software-canonical-lookup-request
- source/Mozilla
- agent/software-canonical-lookup
- agent/event
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- collector/security-tracker-debian
- source/Debian
- vendor/mozilla
- canonical/firefox
- canonical/firefox esr
- vendor/redhat
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/6.0
- version/red hat enterprise linux desktop/7.0
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/6.0
- version/red hat enterprise linux server/7.0
- version/red hat enterprise linux server/7.6
- version/red hat enterprise linux server/7.5
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/6.0
- version/red hat enterprise linux workstation/7.0
- vendor/debian
- canonical/debian linux
- version/debian linux/9.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/14.04
- version/ubuntu/16.04
- version/ubuntu/18.04
- package-manager/debian