ArchLinux: 202105-5: firefox: arbitrary code execution
Summary
A security issue has been found in Firefox before version 88.0.1. When Web Render components were destructed, a race condition could have caused undefined behavior, and Mozilla presumes that with enough effort may have been exploitable to run arbitrary code.
Resolution
Upgrade to 88.0.1-1.
# pacman -Syu "firefox>=88.0.1-1"
The problem has been fixed upstream in version 88.0.1.
References
https://www.mozilla.org/en-US/security/advisories/mfsa2021-20/#CVE-2021-29952 https://bugzilla.mozilla.org/show_bug.cgi?id=1704227 https://security.archlinux.org/CVE-2021-29952
Workaround
None.