ASA-202001-3 log generated external raw

[ASA-202001-3] firefox: arbitrary code execution
Arch Linux Security Advisory ASA-202001-3 ========================================= Severity: Critical Date : 2020-01-10 CVE-ID : CVE-2019-17026 Package : firefox Type : arbitrary code execution Remote : Yes Link : Summary ======= The package firefox before version 72.0.1-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 72.0.1-1. # pacman -Syu "firefox>=72.0.1-1" The problem has been fixed upstream in version 72.0.1. Workaround ========== None. Description =========== A type confusion vulnerability has been found in Firefox before 72.0.1. Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion with StoreElementHole and FallibleStoreElement. Mozilla is aware of targeted attacks in the wild abusing this flaw. Impact ====== A remote attacker can execute arbitrary code on the affected host. References ==========