Mirror of https://github.com/0xMarcio/cve.git, synced 2025-12-30 04:49:42 +00:00
CVE-2018-12387
Description
When the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments, the stack pointer is left off by 8 bytes after a bailout. This leaks a memory address to the calling function, which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.
POC
Reference
No PoCs from references.
Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ZihanYe/web-browser-vulnerabilities
- https://github.com/lnick2023/nicenice
- https://github.com/m00zh33/sploits
- https://github.com/niklasb/sploits
- https://github.com/otravidaahora2t/js-vuln-db
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/tunz/js-vuln-db
- https://github.com/xbl3/awesome-cve-poc_qazbnm456