Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201806-5 ======================================== Severity: High Date : 2018-06-08 CVE-ID : CVE-2018-6126 Package : firefox Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-715 Summary ====== The package firefox before version 60.0.2-1 is vulnerable to arbitrary code execution. Resolution ========= Upgrade to 60.0.2-1. # pacman -Syu "firefox>=60.0.2-1" The problem has been fixed upstream in version 60.0.2. Workaround ========= None. Description ========== A heap-based buffer overflow has been found in the Skia component of the Firefox browser before 60.0.2, when rasterizing paths using a maliciously crafted SVG file with anti-aliasing turned off. Impact ===== A remote attacker can execute arbitrary code via a crafted SVG file. References ========= https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/#CVE-2018-6126 https://bugzilla.mozilla.org/show_bug.cgi?id=1462682 https://security.archlinux.org/CVE-2018-6126