Arch Linux 749 Published by

Updated firefox packages has been released for Arch Linux



Arch Linux Security Advisory ASA-201810-6
=========================================

Severity: Critical
Date : 2018-10-04
CVE-ID : CVE-2018-12386 CVE-2018-12387
Package : firefox
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-775

Summary
=======

The package firefox before version 62.0.3-1 is vulnerable to multiple
issues including arbitrary code execution and information disclosure.

Resolution
==========

Upgrade to 62.0.3-1.

# pacman -Syu "firefox>=62.0.3-1"

The problems have been fixed upstream in version 62.0.3.

Workaround
==========

None.

Description
===========

- CVE-2018-12386 (arbitrary code execution)

A vulnerability has been found in Firefox before 62.0.3 in register
allocation in JavaScript can lead to type confusion, allowing for an
arbitrary read and write. This leads to remote code execution inside
the sandboxed content process when triggered.

- CVE-2018-12387 (information disclosure)

A vulnerability has been found in Firefox before 62.0.3 where the
JavaScript JIT compiler inlines Array.prototype.push with multiple
arguments that results in the stack pointer being off by 8 bytes after
a bailout. This leaks a memory address to the calling function which
can be used as part of an exploit inside the sandboxed content process.

Impact
======

A remote attacker can execute arbitrary code on the affected host via
crafted Javascript code.

References
==========

https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/#CVE-2018-12386
https://bugzilla.mozilla.org/show_bug.cgi?id=1493900
https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/#CVE-2018-12387
https://bugzilla.mozilla.org/show_bug.cgi?id=1493903
https://security.archlinux.org/CVE-2018-12386
https://security.archlinux.org/CVE-2018-12387
  Firefox Update for Arch Linux