OVAL Reference oval:com.ubuntu.cosmic:def:2018123870000000

Oval Definition:

oval:com.ubuntu.cosmic:def:2018123870000000

Revision Date:	2018-10-18	Version:	1
Title:	CVE-2018-12387 on Ubuntu 18.10 (cosmic) - medium.
Description:	A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2018-12387
Platform(s):	Ubuntu 18.10	Product(s):
Definition Synopsis
Ubuntu 18.10 (cosmic) is installed. AND Package Information firefox package in cosmic was vulnerable but has been fixed (note: '62.0.3+build1-0ubuntu1'). OR mozjs52: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life'). OR thunderbird package in cosmic was vulnerable but has been fixed (note: '1:60.4.0+build2-0ubuntu0.18.10.1').