Mozilla Foundation Security Advisory 2019-19
Security vulnerabilities fixed in Firefox 67.0.4 and Firefox ESR 60.7.2
- June 20, 2019
- Firefox, Firefox ESR
- Fixed in
- Firefox 67.0.4
- Firefox ESR 60.7.2
#CVE-2019-11708: sandbox escape using Prompt:Open
- Coinbase Security
Insufficient vetting of parameters passed with the
IPC message between child and parent processes can result in the non-sandboxed
parent process opening web content chosen by a compromised child process.
When combined with additional vulnerabilities
this could result in executing arbitrary code on the user's computer.