ASA-201906-18 generated external raw

[ASA-201906-18] firefox: arbitrary code execution
Arch Linux Security Advisory ASA-201906-18 ========================================== Severity: Critical Date : 2019-06-19 CVE-ID : CVE-2019-11707 Package : firefox Type : arbitrary code execution Remote : Yes Link : Summary ======= The package <a href="/package/firefox">firefox</a> before version 67.0.3-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 67.0.3-1. # pacman -Syu "firefox>=67.0.3-1" The problem has been fixed upstream in version 67.0.3. Workaround ========== None. Description =========== A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop, in <a href="/package/firefox">Firefox</a> before 67.0.3. This can allow for an exploitable crash. Mozilla has been made aware of targeted attacks in the wild abusing this flaw. Impact ====== A remote attacker can execute arbitrary code via crafted Javascript code. References ==========