Sid 1-48626

Message

BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt

Summary

This event is generated when an attacker attempts to exploit an information leak in Mozilla Firefox.

Impact

Remote code execution

CVE-2018-12387:

CVSS base score 9.1

CVSS impact score 5.2

CVSS exploitability score 3.9

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Detailed information

CVE-2018-12387: A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.

Affected systems

  • mozilla firefox -
  • mozilla firefox 0.1
  • mozilla firefox 0.2
  • mozilla firefox 0.3
  • mozilla firefox 0.4
  • mozilla firefox 0.5
  • mozilla firefox 0.6
  • mozilla firefox 0.6.1
  • mozilla firefox 0.7
  • mozilla firefox 0.7.1
  • mozilla firefox 0.8
  • mozilla firefox 0.9
  • mozilla firefox 0.9.1
  • mozilla firefox 0.9.2
  • mozilla firefox 0.9.3
  • mozilla firefox 0.10
  • mozilla firefox 0.10.1
  • mozilla firefox 1.0
  • mozilla firefox 1.0.1
  • mozilla firefox 1.0.2
  • mozilla firefox 1.0.3
  • mozilla firefox 1.0.4
  • mozilla firefox 1.0.5
  • mozilla firefox 1.0.6
  • mozilla firefox 1.0.7
  • mozilla firefox 1.0.8
  • mozilla firefox 1.4.1
  • mozilla firefox 1.5
  • mozilla firefox 1.5.0.1
  • mozilla firefox 1.5.0.2
  • mozilla firefox 1.5.0.3
  • mozilla firefox 1.5.0.4
  • mozilla firefox 1.5.0.5
  • mozilla firefox 1.5.0.6
  • mozilla firefox 1.5.0.7
  • mozilla firefox 1.5.0.8
  • mozilla firefox 1.5.0.9
  • mozilla firefox 1.5.0.10
  • mozilla firefox 1.5.0.11
  • mozilla firefox 1.5.0.12
  • mozilla firefox 1.5.1
  • mozilla firefox 1.5.2
  • mozilla firefox 1.5.3
  • mozilla firefox 1.5.4
  • mozilla firefox 1.5.5
  • mozilla firefox 1.5.6
  • mozilla firefox 1.5.7
  • mozilla firefox 1.5.8
  • mozilla firefox 1.8
  • mozilla firefox 2.0
  • mozilla firefox 2.0.0.1
  • mozilla firefox 2.0.0.2
  • mozilla firefox 2.0.0.3
  • mozilla firefox 2.0.0.4
  • mozilla firefox 2.0.0.5
  • mozilla firefox 2.0.0.6
  • mozilla firefox 2.0.0.7
  • mozilla firefox 2.0.0.8
  • mozilla firefox 2.0.0.9
  • mozilla firefox 2.0.0.10
  • mozilla firefox 2.0.0.11
  • mozilla firefox 2.0.0.12
  • mozilla firefox 2.0.0.13
  • mozilla firefox 2.0.0.14
  • mozilla firefox 2.0.0.15
  • mozilla firefox 2.0.0.16
  • mozilla firefox 2.0.0.17
  • mozilla firefox 2.0.0.18
  • mozilla firefox 2.0.0.19
  • mozilla firefox 2.0.0.20
  • mozilla firefox 3.0
  • mozilla firefox 3.0.1
  • mozilla firefox 3.0.2
  • mozilla firefox 3.0.3
  • mozilla firefox 3.0.4
  • mozilla firefox 3.0.5
  • mozilla firefox 3.0.6
  • mozilla firefox 3.0.7
  • mozilla firefox 3.0.8
  • mozilla firefox 3.0.9
  • mozilla firefox 3.0.10
  • mozilla firefox 3.0.11
  • mozilla firefox 3.0.12
  • mozilla firefox 3.0.13
  • mozilla firefox 3.0.14
  • mozilla firefox 3.0.15
  • mozilla firefox 3.0.16
  • mozilla firefox 3.0.17
  • mozilla firefox 3.0.18
  • mozilla firefox 3.0.19
  • mozilla firefox 3.5
  • mozilla firefox 3.5.1
  • mozilla firefox 3.5.2
  • mozilla firefox 3.5.3
  • mozilla firefox 3.5.4
  • mozilla firefox 3.5.5
  • mozilla firefox 3.5.6
  • mozilla firefox 3.5.7
  • mozilla firefox 3.5.8
  • mozilla firefox 3.5.9
  • mozilla firefox 3.5.10
  • mozilla firefox 3.5.11
  • mozilla firefox 3.5.12
  • mozilla firefox 3.5.13
  • mozilla firefox 3.5.14
  • mozilla firefox 3.5.15
  • mozilla firefox 3.5.16
  • mozilla firefox 3.5.17
  • mozilla firefox 3.5.18
  • mozilla firefox 3.5.19
  • mozilla firefox 3.6
  • mozilla firefox 3.6.2
  • mozilla firefox 3.6.3
  • mozilla firefox 3.6.4
  • mozilla firefox 3.6.6
  • mozilla firefox 3.6.7
  • mozilla firefox 3.6.8
  • mozilla firefox 3.6.9
  • mozilla firefox 3.6.10
  • mozilla firefox 3.6.11
  • mozilla firefox 3.6.12
  • mozilla firefox 3.6.13
  • mozilla firefox 3.6.14
  • mozilla firefox 3.6.15
  • mozilla firefox 3.6.16
  • mozilla firefox 3.6.17
  • mozilla firefox 3.6.18
  • mozilla firefox 3.6.19
  • mozilla firefox 3.6.20
  • mozilla firefox 3.6.21
  • mozilla firefox 3.6.22
  • mozilla firefox 3.6.23
  • mozilla firefox 3.6.24
  • mozilla firefox 3.6.25
  • mozilla firefox 3.6.26
  • mozilla firefox 3.6.27
  • mozilla firefox 3.6.28
  • mozilla firefox 4.0
  • mozilla firefox 4.0.1
  • mozilla firefox 5.0
  • mozilla firefox 5.0.1
  • mozilla firefox 6.0
  • mozilla firefox 6.0.1
  • mozilla firefox 6.0.2
  • mozilla firefox 7.0
  • mozilla firefox 7.0.1
  • mozilla firefox 8.0
  • mozilla firefox 8.0.1
  • mozilla firefox 9.0
  • mozilla firefox 9.0.1
  • mozilla firefox 10.0
  • mozilla firefox 10.0.1
  • mozilla firefox 10.0.2
  • mozilla firefox 10.0.3
  • mozilla firefox 10.0.4
  • mozilla firefox 10.0.5
  • mozilla firefox 10.0.6
  • mozilla firefox 10.0.7
  • mozilla firefox 10.0.8
  • mozilla firefox 10.0.9
  • mozilla firefox 10.0.10
  • mozilla firefox 10.0.11
  • mozilla firefox 10.0.12
  • mozilla firefox 11.0
  • mozilla firefox 12.0
  • mozilla firefox 13.0
  • mozilla firefox 13.0.1
  • mozilla firefox 14.0
  • mozilla firefox 14.0.1
  • mozilla firefox 15.0
  • mozilla firefox 15.0.1
  • mozilla firefox 16.0
  • mozilla firefox 16.0.1
  • mozilla firefox 16.0.2
  • mozilla firefox 17.0
  • mozilla firefox 17.0.1
  • mozilla firefox 17.0.2
  • mozilla firefox 17.0.3
  • mozilla firefox 17.0.4
  • mozilla firefox 17.0.5
  • mozilla firefox 17.0.6
  • mozilla firefox 17.0.7
  • mozilla firefox 17.0.8
  • mozilla firefox 17.0.9
  • mozilla firefox 17.0.10
  • mozilla firefox 17.0.11
  • mozilla firefox 18.0
  • mozilla firefox 18.0.1
  • mozilla firefox 18.0.2
  • mozilla firefox 19.0
  • mozilla firefox 19.0.1
  • mozilla firefox 19.0.2
  • mozilla firefox 20.0
  • mozilla firefox 20.0.1
  • mozilla firefox 21.0
  • mozilla firefox 22.0
  • mozilla firefox 23.0
  • mozilla firefox 23.0.1
  • mozilla firefox 24.0
  • mozilla firefox 24.1
  • mozilla firefox 24.1.0
  • mozilla firefox 24.1.1
  • mozilla firefox 24.2.0
  • mozilla firefox 24.3.0
  • mozilla firefox 24.4.0
  • mozilla firefox 24.5.0
  • mozilla firefox 24.6.0
  • mozilla firefox 24.7.0
  • mozilla firefox 24.8.0
  • mozilla firefox 24.8.1
  • mozilla firefox 25.0
  • mozilla firefox 25.0.1
  • mozilla firefox 26.0
  • mozilla firefox 27.0
  • mozilla firefox 27.0.1
  • mozilla firefox 28.0
  • mozilla firefox 29.0
  • mozilla firefox 29.0.1
  • mozilla firefox 30.0
  • mozilla firefox 31.0
  • mozilla firefox 31.1.0
  • mozilla firefox 31.1.1
  • mozilla firefox 31.2.0
  • mozilla firefox 31.3.0
  • mozilla firefox 31.4.0
  • mozilla firefox 31.5.0
  • mozilla firefox 31.5.2
  • mozilla firefox 31.5.3
  • mozilla firefox 31.6.0
  • mozilla firefox 31.7.0
  • mozilla firefox 31.8.0
  • mozilla firefox 32.0
  • mozilla firefox 32.0.1
  • mozilla firefox 32.0.2
  • mozilla firefox 32.0.3
  • mozilla firefox 33.0
  • mozilla firefox 33.0.1
  • mozilla firefox 33.0.2
  • mozilla firefox 33.0.3
  • mozilla firefox 33.1
  • mozilla firefox 33.1.1
  • mozilla firefox 34.0
  • mozilla firefox 34.0.5
  • mozilla firefox 35.0
  • mozilla firefox 35.0.1
  • mozilla firefox 36.0
  • mozilla firefox 36.0.1
  • mozilla firefox 36.0.3
  • mozilla firefox 36.0.4
  • mozilla firefox 37.0
  • mozilla firefox 37.0.1
  • mozilla firefox 37.0.2
  • mozilla firefox 38.0
  • mozilla firefox 38.0.1
  • mozilla firefox 38.0.5
  • mozilla firefox 38.1.0
  • mozilla firefox 38.1.1
  • mozilla firefox 38.2.0
  • mozilla firefox 38.2.1
  • mozilla firefox 38.3.0
  • mozilla firefox 38.4.0
  • mozilla firefox 38.5.0
  • mozilla firefox 38.5.1
  • mozilla firefox 38.5.2
  • mozilla firefox 38.6.0
  • mozilla firefox 38.6.1
  • mozilla firefox 38.7.0
  • mozilla firefox 38.7.1
  • mozilla firefox 38.8.0
  • mozilla firefox 39.0
  • mozilla firefox 39.0.3
  • mozilla firefox 40.0
  • mozilla firefox 40.0.2
  • mozilla firefox 40.0.3
  • mozilla firefox 41.0
  • mozilla firefox 41.0.1
  • mozilla firefox 41.0.2
  • mozilla firefox 42.0
  • mozilla firefox 43.0
  • mozilla firefox 43.0.1
  • mozilla firefox 43.0.2
  • mozilla firefox 43.0.3
  • mozilla firefox 43.0.4
  • mozilla firefox 44.0
  • mozilla firefox 44.0.1
  • mozilla firefox 44.0.2
  • mozilla firefox 45.0
  • mozilla firefox 45.0.1
  • mozilla firefox 45.0.2
  • mozilla firefox 45.1.1
  • mozilla firefox 45.2.0
  • mozilla firefox 45.3.0
  • mozilla firefox 45.4.0
  • mozilla firefox 45.5.0
  • mozilla firefox 45.5.1
  • mozilla firefox 45.6.0
  • mozilla firefox 45.7.0
  • mozilla firefox 45.8.0
  • mozilla firefox 45.9.0
  • mozilla firefox 46.0
  • mozilla firefox 46.0.1
  • mozilla firefox 47.0
  • mozilla firefox 47.0.1
  • mozilla firefox 47.0.2
  • mozilla firefox 48.0
  • mozilla firefox 48.0.1
  • mozilla firefox 48.0.2
  • mozilla firefox 49.0
  • mozilla firefox 49.0.1
  • mozilla firefox 49.0.2
  • mozilla firefox 50.0
  • mozilla firefox 50.0.1
  • mozilla firefox 50.0.2
  • mozilla firefox 51.0
  • mozilla firefox 51.0.1
  • mozilla firefox 52.0
  • mozilla firefox 52.0.1
  • mozilla firefox 52.0.2
  • mozilla firefox 52.1.0
  • mozilla firefox 52.1.1
  • mozilla firefox 52.1.2
  • mozilla firefox 52.2.0
  • mozilla firefox 52.2.1
  • mozilla firefox 52.3.0
  • mozilla firefox 52.4.0
  • mozilla firefox 52.4.1
  • mozilla firefox 52.5.0
  • mozilla firefox 52.5.2
  • mozilla firefox 52.5.3
  • mozilla firefox 52.6.0
  • mozilla firefox 52.7.0
  • mozilla firefox 52.7.1
  • mozilla firefox 52.7.2
  • mozilla firefox 52.7.3
  • mozilla firefox 52.7.4
  • mozilla firefox 52.8.0
  • mozilla firefox 52.8.1
  • mozilla firefox 52.9.0
  • mozilla firefox 53.0
  • mozilla firefox 53.0.2
  • mozilla firefox 53.0.3
  • mozilla firefox 54.0
  • mozilla firefox 54.0.1
  • mozilla firefox 55.0
  • mozilla firefox 55.0.1
  • mozilla firefox 55.0.2
  • mozilla firefox 55.0.3
  • mozilla firefox 56.0
  • mozilla firefox 56.0.1
  • mozilla firefox 56.0.2
  • mozilla firefox 57.0
  • mozilla firefox 57.0.1
  • mozilla firefox 57.0.2
  • mozilla firefox 57.0.3
  • mozilla firefox 57.0.4
  • mozilla firefox 58.0
  • mozilla firefox 58.0.1
  • mozilla firefox 58.0.2
  • mozilla firefox 59.0
  • mozilla firefox 59.0.1
  • mozilla firefox 59.0.2
  • mozilla firefox 59.0.3
  • mozilla firefox 60.0
  • mozilla firefox 60.0.1
  • mozilla firefox 60.0.2
  • mozilla firefox 60.1.0
  • mozilla firefox 60.2.0
  • mozilla firefox 60.2.1
  • mozilla firefox 60.2.2
  • mozilla firefox 60.3.0
  • mozilla firefox 60.4.0
  • mozilla firefox 60.5.0
  • mozilla firefox 61.0
  • mozilla firefox 61.0.1
  • mozilla firefox 61.0.2
  • mozilla firefox 62.0
  • mozilla firefox 62.0.2
  • mozilla firefox_esr 10.0
  • mozilla firefox_esr 10.0.1
  • mozilla firefox_esr 10.0.2
  • mozilla firefox_esr 10.0.3
  • mozilla firefox_esr 10.0.4
  • mozilla firefox_esr 10.0.5
  • mozilla firefox_esr 10.0.6
  • mozilla firefox_esr 10.0.7
  • mozilla firefox_esr 10.0.8
  • mozilla firefox_esr 10.0.9
  • mozilla firefox_esr 10.0.10
  • mozilla firefox_esr 10.0.11
  • mozilla firefox_esr 10.0.12
  • mozilla firefox_esr 17.0
  • mozilla firefox_esr 17.0.1
  • mozilla firefox_esr 17.0.2
  • mozilla firefox_esr 17.0.3
  • mozilla firefox_esr 17.0.4
  • mozilla firefox_esr 17.0.5
  • mozilla firefox_esr 17.0.6
  • mozilla firefox_esr 17.0.7
  • mozilla firefox_esr 17.0.8
  • mozilla firefox_esr 17.0.9
  • mozilla firefox_esr 17.0.10
  • mozilla firefox_esr 17.0.11
  • mozilla firefox_esr 24.0
  • mozilla firefox_esr 24.0.1
  • mozilla firefox_esr 24.0.2
  • mozilla firefox_esr 24.1.0
  • mozilla firefox_esr 24.1.1
  • mozilla firefox_esr 24.2
  • mozilla firefox_esr 24.3
  • mozilla firefox_esr 24.4
  • mozilla firefox_esr 24.5
  • mozilla firefox_esr 24.6
  • mozilla firefox_esr 24.7
  • mozilla firefox_esr 24.8
  • mozilla firefox_esr 31.0
  • mozilla firefox_esr 31.1
  • mozilla firefox_esr 31.1.0
  • mozilla firefox_esr 31.1.1
  • mozilla firefox_esr 31.2
  • mozilla firefox_esr 31.3
  • mozilla firefox_esr 31.3.0
  • mozilla firefox_esr 31.4
  • mozilla firefox_esr 31.5
  • mozilla firefox_esr 31.5.1
  • mozilla firefox_esr 31.5.2
  • mozilla firefox_esr 31.5.3
  • mozilla firefox_esr 31.6
  • mozilla firefox_esr 31.8
  • mozilla firefox_esr 38.0
  • mozilla firefox_esr 38.0.1
  • mozilla firefox_esr 38.0.5
  • mozilla firefox_esr 38.1.0
  • mozilla firefox_esr 38.1.1
  • mozilla firefox_esr 38.2.0
  • mozilla firefox_esr 38.2.1
  • mozilla firefox_esr 38.3.0
  • mozilla firefox_esr 38.4.0
  • mozilla firefox_esr 38.5.0
  • mozilla firefox_esr 38.5.1
  • mozilla firefox_esr 38.5.2
  • mozilla firefox_esr 38.6.0
  • mozilla firefox_esr 38.6.1
  • mozilla firefox_esr 38.7.0
  • mozilla firefox_esr 38.7.1
  • mozilla firefox_esr 38.8.0
  • mozilla firefox_esr 45.0.2
  • mozilla firefox_esr 45.1.0
  • mozilla firefox_esr 45.1.1
  • mozilla firefox_esr 45.2.0
  • mozilla firefox_esr 45.3.0
  • mozilla firefox_esr 45.4.0
  • mozilla firefox_esr 45.5.0
  • canonical ubuntu_linux 14.04
  • canonical ubuntu_linux 16.04
  • canonical ubuntu_linux 18.04
  • debian debian_linux 9.0
  • redhat enterpriselinuxdesktop 6.0
  • redhat enterpriselinuxdesktop 7.0
  • redhat enterpriselinuxserver 6.0
  • redhat enterpriselinuxserver 7.0
  • redhat enterpriselinuxserver_aus 7.6
  • redhat enterpriselinuxserver_eus 7.5
  • redhat enterpriselinuxserver_eus 7.6
  • redhat enterpriselinuxserver_tus 7.6
  • redhat enterpriselinuxworkstation 6.0
  • redhat enterpriselinuxworkstation 7.0

Ease of attack

simple

False positives

None known

False negatives

None known

Corrective action

Update Mozilla Firefox

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-12387