ArchLinux: 201806-5: firefox: arbitrary code execution
Summary
A heap-based buffer overflow has been found in the Skia component of the Firefox browser before 60.0.2, when rasterizing paths using a maliciously crafted SVG file with anti-aliasing turned off.
Resolution
Upgrade to 60.0.2-1.
# pacman -Syu "firefox>=60.0.2-1"
The problem has been fixed upstream in version 60.0.2.
References
https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/#CVE-2018-6126 https://bugzilla.mozilla.org/show_bug.cgi?id=1462682 https://security.archlinux.org/CVE-2018-6126
Workaround
None.