{"id":"MGASA-2018-0396","summary":"Updated firefox packages fix security vulnerabilities","details":"Updated firefox packages fix security vulnerabilities:\n\nA vulnerability in register allocation in JavaScript can lead to type\nconfusion, allowing for an arbitrary read and write. This leads to remote\ncode execution inside the sandboxed content process when triggered\n(CVE-2018-12386).\n\nA vulnerability where the JavaScript JIT compiler inlines Array.prototype.push\nwith multiple arguments that results in the stack pointer being off by 8 bytes\nafter a bailout. This leaks a memory address to the calling function which can\nbe used as part of an exploit inside the sandboxed content process\n(CVE-2018-12387).\n","modified":"2026-04-16T06:23:19.504542657Z","published":"2018-10-14T00:58:33Z","upstream":["CVE-2018-12386","CVE-2018-12387"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0396.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23653"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/"}],"affected":[{"package":{"name":"firefox","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"60.2.2-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0396.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"60.2.2-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0396.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}