Firefox 67.0.3 Fix for Zero day remote code execution flaw.
  1. #1

    Firefox 67.0.3 Fix for Zero day remote code execution flaw.

    https://www.mozilla.org/en-US/securi...s/mfsa2019-18/

    Mozilla Foundation Security Advisory 2019-18
    Security vulnerabilities fixed in Firefox 67.0.3 and Firefox ESR 60.7.1

    Announced: June 18, 2019
    Impact: critical
    Products: Firefox, Firefox ESR
    Fixed in: Firefox 67.0.3; Firefox ESR 60.7.1

    CVE-2019-11707: Type confusion in Array.pop

    Reporter: Samuel Groß of Google Project Zero, Coinbase Security

    Description

    A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.

    I see a fix just building for Fedora in koji now. F30 build (firefox-67.0.3-1.fc30) rpms available at https://koji.fedoraproject.org/koji/...uildID=1289780; F29 currently building.

    Assuming no issues, should appear in bodhi and updates-testing shortly. I just installed the x86_64 rpm direct from koji and all seems fine so far.

    Reports say exploitations are already being seen in the wild and Linux, Mac and Windows are all reportedly vulnerable.

  2. #2

    Re: Firefox 67.0.3 Fix for Zero day remote code execution flaw.

    Just installed from the testing repo. Thanks for the heads up.

  3. #3

    Re: Firefox 67.0.3 Fix for Zero day remote code execution flaw.

    For F30 users I see the update has now been pushed to stable so should come with normal updates once all the repos catch up. That's not true for F29 yet but the build is now available at https://koji.fedoraproject.org/koji/...uildID=1289777 so can be installed from the rpm. Repo status for the F29 build can be checked at https://bodhi.fedoraproject.org/upda...019-9d9ad2999e
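
An added example, not part of the original thread: a shell check that classifies `rpm -q firefox` output against the fixed versions quoted from MFSA 2019-18 above. The host names, the inventory lines other than the F30 build named in the thread, and the rule that a 60.x version belongs to the ESR branch are assumptions made for the example.

```bash
# Fixed versions as quoted from MFSA 2019-18 in the thread.
FIXED_RELEASE="67.0.3"
FIXED_ESR="60.7.1"

# ver_ge A B: succeed when dotted numeric version A >= B.
# Fields are compared as numbers (67.0.10 > 67.0.3); missing fields count as 0.
ver_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# nvr_version NAME-VERSION-RELEASE[.ARCH]: print only the VERSION field.
nvr_version() {
    nv=${1%-*}                  # drop "-release[.arch]"
    printf '%s\n' "${nv##*-}"   # drop "name-"
}

# Print patched / unpatched / unknown for one firefox package string.
mfsa_2019_18_status() {
    v=$(nvr_version "$1")
    case $v in ''|*[!0-9.]*) echo unknown; return ;; esac
    # Assumption: 60.x is the ESR 60 branch, anything else the release channel.
    case $v in 60.*) fixed=$FIXED_ESR ;; *) fixed=$FIXED_RELEASE ;; esac
    if ver_ge "$v" "$fixed"; then echo patched; else echo unpatched; fi
}

# Read "host package" lines and append the status to each.
audit() {
    while read -r host nvr; do
        [ -n "$host" ] && printf '%s %s %s\n' "$host" "$nvr" "$(mfsa_2019_18_status "$nvr")"
    done
    return 0
}

# Constructed inventory (hypothetical hosts); only the fc30 build is from the thread.
audit <<'EOF'
ws-01 firefox-67.0.3-1.fc30.x86_64
ws-02 firefox-67.0.2-1.fc29.x86_64
ws-03 firefox-60.7.0-1.el7.x86_64
ws-04 firefox-60.7.1-1.el7.x86_64
EOF
```

On a single machine, `mfsa_2019_18_status "$(rpm -q firefox)"` gives the same answer for the installed package.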
