Closed
Opened Jun 21, 2019 by Alicha CH (@alicha, Reporter)

[3.10] firefox-esr: sandbox escape using Prompt:Open (CVE-2019-11708)

Insufficient vetting of parameters passed with the `Prompt:Open`
IPC message between child and parent processes can result in the non-sandboxed
parent process opening web content chosen by a compromised child process.
When combined with additional vulnerabilities
this could result in executing arbitrary code on the user’s computer.

Fixed In Version:

Firefox ESR 60.7.2

Reference:

https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/

(from redmine: issue id 10602, created on 2019-06-21, closed on 2019-06-28)

  • Relations:
    • parent #10600 (closed)
  • Changesets:
    • Revision f1f49be1 on 2019-06-27T14:48:06Z:
      community/firefox-esr: security upgrade to 60.7.2 (CVE-2019-11708)

      fixes #10602
Milestone: 3.10.1 (Past due)
Labels: Normal, tag:security, type:bug
Reference: alpine/aports#10602