[ASA-201810-6] firefox: multiple issues

Remi Gacogne rgacogne at archlinux.org
Thu Oct 4 12:07:10 UTC 2018


Arch Linux Security Advisory ASA-201810-6
=========================================

Severity: Critical
Date    : 2018-10-04
CVE-ID  : CVE-2018-12386 CVE-2018-12387
Package : firefox
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-775

Summary
=======

The package firefox before version 62.0.3-1 is vulnerable to multiple
issues including arbitrary code execution and information disclosure.

Resolution
==========

Upgrade to 62.0.3-1.

# pacman -Syu "firefox>=62.0.3-1"

The problems have been fixed upstream in version 62.0.3.

Workaround
==========

None.

Description
===========

- CVE-2018-12386 (arbitrary code execution)

A vulnerability has been found in Firefox before 62.0.3 in register
allocation in JavaScript can lead to type confusion, allowing for an
arbitrary read and write. This leads to remote code execution inside
the sandboxed content process when triggered.

- CVE-2018-12387 (information disclosure)

A vulnerability has been found in Firefox before 62.0.3 where the
JavaScript JIT compiler inlines Array.prototype.push with multiple
arguments that results in the stack pointer being off by 8 bytes after
a bailout. This leaks a memory address to the calling function which
can be used as part of an exploit inside the sandboxed content process.

Impact
======

A remote attacker can execute arbitrary code on the affected host via
crafted Javascript code.

References
==========

https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/#CVE-2018-12386
https://bugzilla.mozilla.org/show_bug.cgi?id=1493900
https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/#CVE-2018-12387
https://bugzilla.mozilla.org/show_bug.cgi?id=1493903
https://security.archlinux.org/CVE-2018-12386
https://security.archlinux.org/CVE-2018-12387

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20181004/924668a5/attachment.asc>


More information about the arch-security mailing list