#10863: firefox-60.0.2
--------------------+-----------------------
 Reporter:  ken@…   |      Owner:  blfs-book
     Type:  defect  |     Status:  new
 Priority:  normal  |  Milestone:  8.3
Component:  BOOK    |    Version:  SVN
 Severity:  normal  |   Keywords:
--------------------+-----------------------
In today's security announcements at lwn.net, Arch have updated to 60.0.2

Description

A heap-based buffer overflow has been found in the Skia component of the Firefox browser before 60.0.2, when rasterizing paths using a maliciously crafted SVG file with anti-aliasing turned off.

Impact

A remote attacker can execute arbitrary code via a crafted SVG file.

[https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/] - also fixed in 60.0.2ESR and 52.8.1 ESR

CVE-2018-6126 impact rated as high.

--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/10863>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch