Security vulnerabilities fixed in Firefox 67.0.4 and Firefox ESR 60.7.2
- June 20, 2019
- Firefox, Firefox ESR
- Fixed in
- Firefox 67.0.4
- Firefox ESR 60.7.2
- Coinbase Security
Insufficient vetting of parameters passed with the
IPC message between child and parent processes can result in the non-sandboxed
parent process opening web content chosen by a compromised child process.
When combined with additional vulnerabilities
this could result in executing arbitrary code on the user's computer.