Search for packages
Package details: pkg:alpm/archlinux/firefox@62.0.2-1
purl pkg:alpm/archlinux/firefox@62.0.2-1
Next non-vulnerable version 62.0.3-1
Latest non-vulnerable version 101.0-1
Risk 4.5
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-kew8-ygsz-z7ag
Aliases:
CVE-2018-12386
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered.
62.0.3-1
Affected by 0 other vulnerabilities.
VCID-wpce-95vg-tfcn
Aliases:
CVE-2018-12387
A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process.
62.0.3-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-31T11:35:21.970201+00:00 Arch Linux Importer Affected by VCID-kew8-ygsz-z7ag https://security.archlinux.org/AVG-775 37.0.0
2025-07-31T11:35:21.941795+00:00 Arch Linux Importer Affected by VCID-wpce-95vg-tfcn https://security.archlinux.org/AVG-775 37.0.0