BROWSER-FIREFOX -- Snort has detected traffic known to exploit vulnerabilities present in the Firefox browser, or products that have the "Gecko" engine (Thunderbird email client, etc.).
BROWSER-FIREFOX Mozilla Firefox javascript type confusion code execution attempt
This event is generated when exploit attempt against Firefox leveraging CVE-2018-12386 is detected. Impact: remote code execution Details: Ease of Attack: Medium
No information provided
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
CVE-2018-12386A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3. |
|