Oval Definition:	oval:com.ubuntu.cosmic:def:201812387000
Revision Date: 2018-10-18 Version: 1 Title: CVE-2018-12387 on Ubuntu 18.10 (cosmic) - medium. Description: A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3. Family: unix Class: vulnerability Status: Reference(s): CVE-2018-12387 Platform(s): Ubuntu 18.10 Product(s): Definition Synopsis Ubuntu 18.10 (cosmic) is installed. AND Package Information The 'firefox' package in cosmic was vulnerable but has been fixed (note: '62.0.3+build1-0ubuntu1'). OR The vulnerability of the 'mozjs52' package in cosmic is not known (status: 'needs-triage'). It is pending evaluation. OR The vulnerability of the 'thunderbird' package in cosmic is not known (status: 'needs-triage'). It is pending evaluation.
BACK