ArchLinux: 201903-14: firefox: arbitrary code execution
Summary
- CVE-2019-9810 (arbitrary code execution)
An incorrect alias information in the IonMonkey JIT compiler of Firefox
before 66.0.1 for the Array.prototype.slice method may lead to missing
bounds check and a buffer overflow.
- CVE-2019-9813 (arbitrary code execution)
An incorrect handling of __proto__ mutations may lead to type confusion
in the IonMonkey JIT code of Firefox before 66.0.1 and can be leveraged
for arbitrary memory read and write.
Resolution
Upgrade to 66.0.1-1.
# pacman -Syu "firefox>=66.0.1-1"
The problems have been fixed upstream in version 66.0.1.
References
https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9810 https://bugzilla.mozilla.org/show_bug.cgi?id=1537924 https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9813 https://bugzilla.mozilla.org/show_bug.cgi?id=1538006 https://security.archlinux.org/CVE-2019-9810 https://security.archlinux.org/CVE-2019-9813
Workaround
None.