[ASA-201806-5] firefox: arbitrary code execution
Arch Linux Security Advisory ASA-201806-5
=========================================

Severity: High
Date    : 2018-06-08
CVE-ID  : CVE-2018-6126
Package : firefox
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-715

Summary
=======

The package firefox before version 60.0.2-1 is vulnerable to arbitrary
code execution.

Resolution
==========

Upgrade to 60.0.2-1.

# pacman -Syu "firefox>=60.0.2-1"

The problem has been fixed upstream in version 60.0.2.

Workaround
==========

None.

Description
===========

A heap-based buffer overflow has been found in the Skia component of
the Firefox browser before 60.0.2, when rasterizing paths using a
maliciously crafted SVG file with anti-aliasing turned off.

Impact
======

A remote attacker can execute arbitrary code via a crafted SVG file.

References
==========

https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/#CVE-2018-6126
https://bugzilla.mozilla.org/show_bug.cgi?id=1462682
https://security.archlinux.org/CVE-2018-6126