FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Mozilla -- multiple vulnerabilities

Affected packages
firefox < 67.0.4,1
waterfox < 56.2.12
firefox-esr < 60.7.2,1


VuXML ID 39bc2294-ff32-4972-9ecb-b9f40b4ccb74
Discovery 2019-06-20
Entry 2019-06-21
Modified 2019-07-09

Mozilla Foundation reports:

CVE-2019-11708: sandbox escape using Prompt:Open

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer.


CVE Name CVE-2019-11708