ASA-202101-5 log generated external raw

[ASA-202101-5] firefox: arbitrary code execution
Arch Linux Security Advisory ASA-202101-5 ========================================= Severity: Critical Date : 2021-01-08 CVE-ID : CVE-2020-16044 Package : firefox Type : arbitrary code execution Remote : Yes Link : Summary ======= The package firefox before version 84.0.2-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 84.0.2-1. # pacman -Syu "firefox>=84.0.2-1" The problem has been fixed upstream in version 84.0.2. Workaround ========== None. Description =========== A security issue was found in Firefox before 84.0.2. A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. Mozilla presumes that with enough effort it could have been exploited to run arbitrary code. Impact ====== A remote attacker might be able to execute arbitrary code via a crafted SCTP packet. References ==========