[ASA-201803-13] firefox: arbitrary code execution

Jelle van der Waa jelle at archlinux.org
Mon Mar 19 12:55:39 UTC 2018


Arch Linux Security Advisory ASA-201803-13
==========================================

Severity: Critical
Date    : 2018-03-18
CVE-ID  : CVE-2018-5146
Package : firefox
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-657

Summary
=======

The package firefox before version 59.0.1-1 is vulnerable to arbitrary
code execution.

Resolution
==========

Upgrade to 59.0.1-1.

# pacman -Syu "firefox>=59.0.1-1"

The problem has been fixed upstream in version 59.0.1.

Workaround
==========

None.

Description
===========

An out of bounds memory write vulnerability has been discovered in
libvorbis before 1.3.6 while processing Vorbis audio data related to
codebooks that are not an exact divisor of the partition size.

Impact
======

A remote attacker is able to execute arbitrary code by tricking the
user into visiting a website with a vorbis audio file.

References
==========

https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/#CVE-2018-5146
https://bugzilla.mozilla.org/show_bug.cgi?id=1446062
https://github.com/xiph/vorbis/commit/667ceb4aab60c1f74060143bb24e5f427b3cce5f
http://seclists.org/oss-sec/2018/q1/243
https://security.archlinux.org/CVE-2018-5146
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20180319/760c1f4b/attachment.asc>


More information about the arch-security mailing list