Subject: [ASA-201903-14] firefox: arbitrary code execution Arch Linux Security Advisory ASA-201903-14 ========================================== Severity: Critical Date : 2019-03-23 CVE-ID : CVE-2019-9810 CVE-2019-9813 Package : firefox Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-930 Summary ======= The package firefox before version 66.0.1-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 66.0.1-1. # pacman -Syu "firefox>=66.0.1-1" The problems have been fixed upstream in version 66.0.1. Workaround ========== None. Description =========== - CVE-2019-9810 (arbitrary code execution) An incorrect alias information in the IonMonkey JIT compiler of Firefox before 66.0.1 and Thunderbird before 60.6.1 for the Array.prototype.slice method may lead to missing bounds check and a buffer overflow. - CVE-2019-9813 (arbitrary code execution) An incorrect handling of __proto__ mutations may lead to type confusion in the IonMonkey JIT code of Firefox before 66.0.1 and Thunderbird before 60.6.1, and can be leveraged for arbitrary memory read and write. Impact ====== A remote attacker can execute arbitrary code on the affected host. References ========== https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9810 https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/#CVE-2019-9810 https://bugzilla.mozilla.org/show_bug.cgi?id=1537924 https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9813 https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/#CVE-2019-9813 https://bugzilla.mozilla.org/show_bug.cgi?id=1538006 https://security.archlinux.org/CVE-2019-9810 https://security.archlinux.org/CVE-2019-9813