Arch Linux Security Advisory ASA-201504-24 ========================================== Severity: Critical Date : 2015-04-22 CVE-ID : CVE-2015-2706 Package : firefox Type : arbitrary code execution Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package firefox before version 37.0.2-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 37.0.2-1. # pacman -Syu "firefox>=37.0.2-1" The problem has been fixed upstream in version 37.0.2. Workaround ========== None. Description =========== Mozilla developer Robert Kaiser reported that a specially crafted HTML, when loaded by the target user, will trigger a use-after-free race condition when a plugin fails to initialize, which may lead to a memory corruption error in AsyncPaintWaitEvent::AsyncPaintWaitEvent() and arbitrary code execution on the target system. Impact ====== A remote attacker is able to use a specially crafted HTML that, when loaded by the target user, will trigger a race condition leading to memory corruption and arbitrary code execution. References ========== https://www.mozilla.org/en-US/security/advisories/mfsa2015-45/ https://access.redhat.com/security/cve/CVE-2015-2706