In today's security announcements at lwn.net, Arch have updated to 60.0.2.
A heap-based buffer overflow has been found in the Skia component of the Firefox browser before 60.0.2, when rasterizing paths using a maliciously crafted SVG file with anti-aliasing turned off.
A remote attacker can execute arbitrary code via a crafted SVG file.
https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/ - also fixed in 60.0.2 ESR and 52.8.1 ESR
CVE-2018-6126 impact rated as high.