Subject: [ASA-202001-1] firefox: multiple issues Arch Linux Security Advisory ASA-202001-1 ========================================= Severity: Critical Date : 2020-01-08 CVE-ID : CVE-2019-17016 CVE-2019-17017 CVE-2019-17020 CVE-2019-17022 CVE-2019-17023 CVE-2019-17024 CVE-2019-17025 Package : firefox Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1084 Summary ======= The package firefox before version 72.0-1 is vulnerable to multiple issues including arbitrary code execution, insufficient validation, access restriction bypass and denial of service. Resolution ========== Upgrade to 72.0-1. # pacman -Syu "firefox>=72.0-1" The problems have been fixed upstream in version 72.0. Workaround ========== None. Description =========== - CVE-2019-17016 (insufficient validation) A security issue has been found in Firefox before 72.0, and Thunderbird before 68.4.1. When pasting a