ArchLinux: 201810-6: firefox: multiple issues
Summary
- CVE-2018-12386 (arbitrary code execution)
A vulnerability has been found in Firefox before 62.0.3 where register
allocation in JavaScript can lead to type confusion, allowing for an
arbitrary read and write. This leads to remote code execution inside
the sandboxed content process when triggered.
- CVE-2018-12387 (information disclosure)
A vulnerability has been found in Firefox before 62.0.3 where the
JavaScript JIT compiler inlines Array.prototype.push with multiple
arguments, which results in the stack pointer being off by 8 bytes after
a bailout. This leaks a memory address to the calling function, which
can be used as part of an exploit inside the sandboxed content process.
Resolution
Upgrade to 62.0.3-1.
# pacman -Syu "firefox>=62.0.3-1"
The problems have been fixed upstream in version 62.0.3.
References
https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/#CVE-2018-12386
https://bugzilla.mozilla.org/show_bug.cgi?id=1493900
https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/#CVE-2018-12387
https://bugzilla.mozilla.org/show_bug.cgi?id=1493903
https://security.archlinux.org/CVE-2018-12386
https://security.archlinux.org/CVE-2018-12387
Workaround
None.