FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Mozilla -- multiple vulnerabilities

Affected packages
firefox < 67.0.4,1
waterfox < 56.2.12
firefox-esr < 60.7.2,1

Details

VuXML ID 39bc2294-ff32-4972-9ecb-b9f40b4ccb74
Discovery 2019-06-20
Entry 2019-06-21
Modified 2019-07-09

Mozilla Foundation reports:

CVE-2019-11708: sandbox escape using Prompt:Open

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer.

[source]

References

CVE Name CVE-2019-11708
URL https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.