
Update your Firefox browser now, there’s an emergency patch - babak_ap
https://www.theverge.com/2019/6/18/18684272/firefox-zero-day-flaw-browser-attacks-crypto-patch
======
jolmg
Archlinux has 67.0.3 already. Some mirrors are still not updated with it, but
the one on kernel.org is. Just put that mirror on the top of the
/etc/pacman.d/mirrorlist file before running sudo pacman -Sy firefox.

~~~
zach43
Gentoo also seems to have updated firefox-bin (and possibly www-client/firefox
too?)...I ran an emerge update a few minutes ago and saw it install the
firefox update

------
oil25
From Project Zero:

> A type confusion vulnerability can occur when manipulating JavaScript
> objects due to issues in Array.pop. This can allow for an exploitable crash.
> We are aware of targeted attacks in the wild abusing this flaw.

------
salutonmundo
extra links:

[https://www.mozilla.org/en-
US/security/advisories/mfsa2019-1...](https://www.mozilla.org/en-
US/security/advisories/mfsa2019-18/) [https://cve.mitre.org/cgi-
bin/cvename.cgi?name=CVE-2019-1170...](https://cve.mitre.org/cgi-
bin/cvename.cgi?name=CVE-2019-11707)

