Welcome to WebmasterWorld Guest from 220.127.116.11
Forum Moderators: open
Security vulnerabilities fixed in Firefox 67.0.3 and Firefox ESR 60.7.1
Announced: June 18, 2019
Products: Firefox, Firefox ESR
Fixed in Firefox 67.0.3, Firefox ESR 60.7.1
CVE-2019-11707: Type confusion in Array.pop
Reporter: Samuel Groß of Google Project Zero, Coinbase Security
We are aware of targeted attacks in the wild abusing this flaw.
CVE-2019-11708: sandbox escape using Prompt:Open
Reporter: Coinbase Security
Description: insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer.