ArchLinux: 201803-13: firefox: arbitrary code execution

    Date: 19 Mar 2018
    Category: ArchLinux
    Posted By: Anthony Pell
    The package firefox before version 59.0.1-1 is vulnerable to arbitrary code execution.
    Arch Linux Security Advisory ASA-201803-13
    ==========================================
    
    Severity: Critical
    Date    : 2018-03-18
    CVE-ID  : CVE-2018-5146
    Package : firefox
    Type    : arbitrary code execution
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-657
    
    Summary
    =======
    
    The package firefox before version 59.0.1-1 is vulnerable to arbitrary
    code execution.
    
    Resolution
    ==========
    
    Upgrade to 59.0.1-1.
    
    # pacman -Syu "firefox>=59.0.1-1"
    
    The problem has been fixed upstream in version 59.0.1.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    An out-of-bounds memory write vulnerability has been discovered in
    libvorbis before 1.3.6. It occurs while processing Vorbis audio data
    with codebooks that are not an exact divisor of the partition size.
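
The bug class described above, as an added, simplified sketch that is not libvorbis code and not part of the original advisory: a decoder that always adds whole codebook vectors overruns a partition whose size is not a multiple of the vector dimension, while a bounded decoder truncates the last vector. All names, limits and the constant-valued codebook are constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>

#define MAX_DIM 16   /* constructed limits for this sketch */
#define MAX_PART 64

/* Constructed stand-in for a codebook lookup: yields one vector of dim values. */
static void next_vector(float *v, size_t dim) {
    for (size_t j = 0; j < dim; j++) v[j] = 1.0f;
}

/* Unchecked pattern: always adds whole vectors, so when dim does not divide n
   the last vector runs past the end of the n-sample partition. */
static void decode_unchecked(float *out, size_t n, size_t dim) {
    float v[MAX_DIM];
    for (size_t i = 0; i < n; ) {
        next_vector(v, dim);
        for (size_t j = 0; j < dim; j++) out[i++] += v[j];
    }
}

/* Bounded pattern: the last vector is truncated at the partition boundary. */
static void decode_bounded(float *out, size_t n, size_t dim) {
    float v[MAX_DIM];
    for (size_t i = 0; i < n; ) {
        next_vector(v, dim);
        for (size_t j = 0; j < dim && i < n; j++) out[i++] += v[j];
    }
}

typedef void (*decoder_fn)(float *, size_t, size_t);

/* Decodes into a partition followed by dim zeroed guard slots (so the overrun
   stays inside buf) and returns how many guard slots were modified. */
static size_t guard_slots_written(decoder_fn decode, size_t n, size_t dim) {
    float buf[MAX_PART + MAX_DIM] = {0};
    size_t hit = 0;
    if (n > MAX_PART || dim == 0 || dim > MAX_DIM) return (size_t)-1;
    decode(buf, n, dim);
    for (size_t i = n; i < n + dim; i++) if (buf[i] != 0.0f) hit++;
    return hit;
}

int main(void) {
    printf("unchecked n=10 dim=4: %zu\n", guard_slots_written(decode_unchecked, 10, 4));
    printf("bounded   n=10 dim=4: %zu\n", guard_slots_written(decode_bounded, 10, 4));
    return 0;
}
```

In a real decoder there are no guard slots, so the samples written past the partition land in whatever memory follows the output buffer.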
    
    Impact
    ======
    
    A remote attacker is able to execute arbitrary code by tricking the
    user into visiting a website with a Vorbis audio file.
    
    References
    ==========
    
    https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/#CVE-2018-5146
    https://bugzilla.mozilla.org/show_bug.cgi?id=1446062
    https://github.com/xiph/vorbis/commit/667ceb4aab60c1f74060143bb24e5f427b3cce5f
    http://seclists.org/oss-sec/2018/q1/243
    https://security.archlinux.org/CVE-2018-5146
    