MGASA-2018-0396

Source
https://advisories.mageia.org/MGASA-2018-0396.html
Import Source
https://advisories.mageia.org/MGASA-2018-0396.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2018-0396
Published
2018-10-14T00:58:33Z
Modified
2018-10-14T00:34:03Z
Summary
Updated firefox packages fix security vulnerabilities
Details

Updated firefox packages fix security vulnerabilities:

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered (CVE-2018-12386).

When the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments, the stack pointer is off by 8 bytes after a bailout. This leaks a memory address to the calling function, which can be used as part of an exploit inside the sandboxed content process (CVE-2018-12387).


Affected packages

Mageia:6 / firefox

Package

Name
firefox
Purl
pkg:rpm/mageia/firefox?distro=mageia-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
60.2.2-1.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / firefox-l10n

Package

Name
firefox-l10n
Purl
pkg:rpm/mageia/firefox-l10n?distro=mageia-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
60.2.2-1.mga6

Ecosystem specific

{
    "section": "core"
}