Memory corruption vulnerability in JavaScript JIT compiler in Mozilla Firefox and Firefox ESR - CVE-2018-12387 (MAC OS X)ID: oval:org.secpod.oval:def:47870 | Date: (C)2018-10-04 (M)2023-12-20 |
Class: VULNERABILITY | Family: macos |
Mozilla Firefox 62.0.3, Mozilla Firefox ESR 60.2.2 : A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process.
Platform: |
Apple Mac OS 14 |
Apple Mac OS 13 |
Apple Mac OS 12 |
Apple Mac OS 11 |
Apple Mac OS X 10.15 |
Apple Mac OS X 10.10 |
Apple Mac OS X 10.11 |
Apple Mac OS X 10.12 |
Apple Mac OS X 10.13 |
Apple Mac OS X 10.14 |
Apple Mac OS X 10.9 |
Product: |
Mozilla Firefox |
Mozilla Firefox ESR |