CLD-569 Details

Other IDs this deficiency may be known by:

CVE ID None
Other ID(s) fixed-in-60.2.2, mfsa2018-24

Basic Information:

Affected Package(s) firefox
Deficiency Type SECURITY
Date Created 2018-10-02 22:02:46
Date Last Modified 2018-10-02 22:07:56

Version Specific Information:

Cucumber 1.0 i686 fixed in firefox-60.2.2esr-i686-1
Cucumber 1.0 x86_64 fixed in firefox-60.2.2esr-x86_64-1

Cucumber 1.1 i686 fixed in firefox-60.2.2esr-i686-1
Cucumber 1.1 x86_64 fixed in firefox-60.2.2esr-x86_64-1

Details:

Fixes two critical vulnerabilties:

CVE-2018-12386: Type confusion in JavaScript
	This allows for remote code execution inside a sandboxed content
	process.
CVE-2018-12387: Memory leak in JavaScript JIT compiler
	This leaks the memory address of the calling function, which can be
	useful in other attacks.

See the full report at
https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/