Mozilla Foundation Security Advisory 2019-19

Security vulnerabilities fixed in Firefox 67.0.4 and Firefox ESR 60.7.2

Announced
June 20, 2019
Impact
high
Products
Firefox, Firefox ESR
Fixed in
  • Firefox 67.0.4
  • Firefox ESR 60.7.2

CVE-2019-11708: sandbox escape using Prompt:Open

Reporter
Coinbase Security
Impact
high
Description

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer.
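For fleet triage against the "Fixed in" list above, the following added example (not part of Mozilla's advisory) classifies version strings of the form printed by `firefox --version`. The host names and sample strings are constructed, and the rule for matching ESR builds to a fixed version is an assumption noted in the code.

```python
import re

# Fixed versions, taken from the advisory's "Fixed in" list.
FIXED_RELEASE = (67, 0, 4)
FIXED_ESR = (60, 7, 2)

# Matches "67.0.4", "67.0" or "60.7.2esr"; pre-release tags such as "68.0b3" do not match.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?\b", re.IGNORECASE)


def parse_firefox_version(text):
    """Return ((major, minor, patch), is_esr), or None if no version is found."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch, esr = m.groups()
    return (int(major), int(minor), int(patch or 0)), esr is not None


def has_mfsa_2019_19_fix(text):
    """True if the build is at or above a fixed version, False if older,
    None if the string cannot be parsed (report these for manual review).

    Assumption (not stated in the advisory): an ESR build on the 60 branch is
    compared with ESR 60.7.2; every other build is compared with 67.0.4.
    """
    parsed = parse_firefox_version(text)
    if parsed is None:
        return None
    version, is_esr = parsed
    if is_esr and version[0] == FIXED_ESR[0]:
        return version >= FIXED_ESR
    return version >= FIXED_RELEASE


def hosts_missing_fix(inventory):
    """Return the sorted host names whose reported build predates the fix."""
    return sorted(h for h, v in inventory.items() if has_mfsa_2019_19_fix(v) is False)


# Constructed sample inventory (host names and versions are illustrative only).
SAMPLE_INVENTORY = {
    "ws-01": "Mozilla Firefox 67.0.3",
    "ws-02": "Mozilla Firefox 67.0.4",
    "ws-03": "Mozilla Firefox 60.7.1esr",
    "ws-04": "Mozilla Firefox 60.7.2esr",
    "ws-05": "version unknown",
}

if __name__ == "__main__":
    print("Hosts lacking the fix:", hosts_missing_fix(SAMPLE_INVENTORY))
```

Strings that cannot be parsed return `None` rather than `False`, so they can be reported separately instead of being silently counted as patched or unpatched.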

References