[3.11] firefox-esr: sandbox escape using Prompt:Open (CVE-2019-11708)
Insufficient vetting of parameters passed with the `Prompt:Open`
IPC message between child and parent processes can result in the
non-sandboxed parent process opening web content chosen by a
compromised child process. When combined with additional
vulnerabilities this could result in executing arbitrary code on the
user’s computer.
Fixed In Version:
Firefox ESR 60.7.2
Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/
(from redmine: issue id 10601, created on 2019-06-21, closed on 2019-06-28)
- Relations:
- parent #10600 (closed)
- Changesets:
- Revision ed5e768a on 2019-06-27T14:41:49Z:
community/firefox-esr: security upgrade to 60.7.2 (CVE-2019-11708)
fixes #10601