#10863: firefox-60.0.2
--------------------+-----------------------
 Reporter:  ken@…   |      Owner:  blfs-book
     Type:  defect  |     Status:  new
 Priority:  normal  |  Milestone:  8.3
Component:  BOOK    |    Version:  SVN
 Severity:  normal  |   Keywords:
--------------------+-----------------------
 In today's security announcements at lwn.net, Arch have updated to 60.0.2.

 Description

 A heap-based buffer overflow has been found in the Skia component of
 the Firefox browser before 60.0.2, when rasterizing paths using a
 maliciously crafted SVG file with anti-aliasing turned off.

 Impact

 A remote attacker can execute arbitrary code via a crafted SVG file.

 [https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/] - also
 fixed in 60.0.2 ESR and 52.8.1 ESR

 CVE-2018-6126 impact rated as high.

--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/10863>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch