Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
aports
aports
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 671
    • Issues 671
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 182
    • Merge Requests 182
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Members
    • Members
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • alpine
  • aportsaports
  • Issues
  • #10601

Closed
Open
Opened Jun 21, 2019 by Alicha CH@alichaReporter

[3.11] firefox-esr: sandbox escape using Prompt:Open (CVE-2019-11708)

Insufficient vetting of parameters passed with the `Prompt:Open`
IPC message between child and parent processes can result in the non-sandboxed
parent process opening web content chosen by a compromised child process.
When combined with additional vulnerabilities
this could result in executing arbitrary code on the user’s computer.

Fixed In Version:

Firefox ESR 60.7.2

Reference:

https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/

(from redmine: issue id 10601, created on 2019-06-21, closed on 2019-06-28)

  • Relations:
    • parent #10600 (closed)
  • Changesets:
    • Revision ed5e768a on 2019-06-27T14:41:49Z:
community/firefox-esr: security upgrade to 60.7.2 (CVE-2019-11708)

fixes #10601
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
3.11.0
Milestone
3.11.0 (Past due)
Assign milestone
Time tracking
None
Due date
None
Reference: alpine/aports#10601