Subject: [ASA-201810-6] firefox: multiple issues

Arch Linux Security Advisory ASA-201810-6
=========================================

Severity: Critical
Date    : 2018-10-04
CVE-ID  : CVE-2018-12386 CVE-2018-12387
Package : firefox
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-775

Summary
=======

The package firefox before version 62.0.3-1 is vulnerable to multiple
issues including arbitrary code execution and information disclosure.

Resolution
==========

Upgrade to 62.0.3-1.

# pacman -Syu "firefox>=62.0.3-1"

The problems have been fixed upstream in version 62.0.3.

Workaround
==========

None.

Description
===========

- CVE-2018-12386 (arbitrary code execution)

A vulnerability in register allocation in JavaScript has been found in
Firefox before 62.0.3. It can lead to type confusion, allowing for an
arbitrary read and write. This leads to remote code execution inside
the sandboxed content process when triggered.

- CVE-2018-12387 (information disclosure)

A vulnerability has been found in Firefox before 62.0.3 where the
JavaScript JIT compiler inlines Array.prototype.push with multiple
arguments, which results in the stack pointer being off by 8 bytes after
a bailout. This leaks a memory address to the calling function, which
can be used as part of an exploit inside the sandboxed content process.

Impact
======

A remote attacker can execute arbitrary code on the affected host via
crafted JavaScript code.

References
==========

https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/#CVE-2018-12386
https://bugzilla.mozilla.org/show_bug.cgi?id=1493900
https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/#CVE-2018-12387
https://bugzilla.mozilla.org/show_bug.cgi?id=1493903
https://security.archlinux.org/CVE-2018-12386
https://security.archlinux.org/CVE-2018-12387
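
A check to go with the Resolution section, added here as an example and not part of the original advisory: it reads an inventory of "host package version" lines and lists hosts whose firefox is older than the fixed 62.0.3-1. The inventory format, the host names and the function names are assumptions; the fallback comparison assumes no epoch and numeric-only version fields, and pacman's own vercmp is used when it is installed.

```shell
#!/bin/sh
FIXED="62.0.3-1"   # fixed package version, taken from the advisory

# ver_lt A B: succeed when version A is older than version B.
ver_lt() {
    # Prefer pacman's comparison tool when it is available.
    if command -v vercmp >/dev/null 2>&1; then
        if [ "$(vercmp "$1" "$2")" -lt 0 ]; then return 0; else return 1; fi
    fi
    # Fallback (assumption: "pkgver-pkgrel", numeric dotted fields, no epoch).
    a_ver=${1%-*}; a_rel=${1##*-}
    b_ver=${2%-*}; b_rel=${2##*-}
    while [ -n "$a_ver" ] || [ -n "$b_ver" ]; do
        a_f=${a_ver%%.*}; b_f=${b_ver%%.*}
        # A missing field counts as 0, so 62.0 sorts before 62.0.3.
        if [ "${a_f:-0}" -lt "${b_f:-0}" ]; then return 0; fi
        if [ "${a_f:-0}" -gt "${b_f:-0}" ]; then return 1; fi
        case $a_ver in *.*) a_ver=${a_ver#*.} ;; *) a_ver= ;; esac
        case $b_ver in *.*) b_ver=${b_ver#*.} ;; *) b_ver= ;; esac
    done
    # pkgver is equal: the package release number decides.
    if [ "$a_rel" -lt "$b_rel" ]; then return 0; else return 1; fi
}

# audit: read "host package version" lines on stdin and print the hosts
# whose firefox package is older than $FIXED.
audit() {
    while read -r host pkg ver; do
        [ "$pkg" = "firefox" ] || continue
        if ver_lt "$ver" "$FIXED"; then
            echo "$host firefox $ver -> upgrade to >= $FIXED"
        fi
    done
}

# Constructed sample inventory (host names and versions are made up).
SAMPLE='ws-01 firefox 62.0.2-1
ws-02 firefox 62.0.3-1
ws-03 firefox 61.0.2-2
ws-04 firefox 63.0-1
ws-05 thunderbird 60.0-1'

printf '%s\n' "$SAMPLE" | audit
```

On a single Arch host the same input line can be produced with `pacman -Q firefox`, prefixed with the host name.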