
[ASA-201906-18] firefox: arbitrary code execution
Arch Linux Security Advisory ASA-201906-18
==========================================

Severity: Critical
Date    : 2019-06-19
CVE-ID  : CVE-2019-11707
Package : firefox
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-994

Summary
=======

The package firefox before version 67.0.3-1 is vulnerable to arbitrary
code execution.

Resolution
==========

Upgrade to 67.0.3-1.

# pacman -Syu "firefox>=67.0.3-1"

The problem has been fixed upstream in version 67.0.3.

Workaround
==========

None.

Description
===========

A type confusion vulnerability can occur when manipulating JavaScript
objects due to issues in Array.pop, in Firefox before 67.0.3. This can
allow for an exploitable crash. Mozilla has been made aware of targeted
attacks in the wild abusing this flaw.

Impact
======

A remote attacker can execute arbitrary code via crafted JavaScript
code.

References
==========

https://www.mozilla.org/en-US/security/advisories/mfsa2019-18
https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/#CVE-2019-11707
https://bugzilla.mozilla.org/show_bug.cgi?id=1544386
https://security.archlinux.org/CVE-2019-11707
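
A host-side check for the Resolution section above, added here as an example and not part of the Arch advisory: it reports whether the installed firefox package is older than the fixed version 67.0.3-1. The function names are hypothetical, and the `sort -V` fallback (used only when pacman's `vercmp` is unavailable) is an approximation that assumes GNU coreutils and ignores epochs.

```shell
#!/bin/sh
# Added example: is the installed firefox older than the fix for CVE-2019-11707?
FIXED="67.0.3-1"   # fixed package version, taken from the advisory

# ver_lt A B: succeeds when version A is strictly older than version B.
# Prefers pacman's own vercmp; otherwise falls back to GNU sort -V,
# which is an approximation (no epoch handling) and an assumption here.
ver_lt() {
    [ "$1" = "$2" ] && return 1
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# classify VERSION: prints "vulnerable" or "fixed" for a firefox version string.
classify() {
    if ver_lt "$1" "$FIXED"; then
        echo vulnerable
    else
        echo fixed
    fi
}

# check_installed: ask pacman for the installed firefox version and classify it.
# Returns 1 when the installed package predates the fix, 2 when pacman is absent.
check_installed() {
    if ! command -v pacman >/dev/null 2>&1; then
        echo "pacman not found" >&2
        return 2
    fi
    installed=$(pacman -Q firefox 2>/dev/null | awk '{print $2}')
    if [ -z "$installed" ]; then
        echo "firefox is not installed"
        return 0
    fi
    state=$(classify "$installed")
    echo "firefox $installed: $state (fixed in $FIXED)"
    [ "$state" = fixed ]
}
```

Call `check_installed` on the host; a non-zero exit status of 1 means the upgrade from the Resolution section is still pending.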