Description
Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues:
- Mozilla Firefox 60.7.2 MFSA 2019-19 (bsc#1138872)
- CVE-2019-11708: Fix sandbox escape using Prompt:Open.
- Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes could result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer.
Package list
Image SLES15-SAP-Azure-LI-BYOS-Production
MozillaFirefox-60.7.2-3.48.1
Image SLES15-SAP-Azure-VLI-BYOS-Production
MozillaFirefox-60.7.2-3.48.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
MozillaFirefox-60.7.2-3.48.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
MozillaFirefox-60.7.2-3.48.1
SUSE Linux Enterprise Module for Desktop Applications 15
MozillaFirefox-60.7.2-3.48.1
MozillaFirefox-devel-60.7.2-3.48.1
MozillaFirefox-translations-common-60.7.2-3.48.1
MozillaFirefox-translations-other-60.7.2-3.48.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1
MozillaFirefox-60.7.2-3.48.1
MozillaFirefox-devel-60.7.2-3.48.1
MozillaFirefox-translations-common-60.7.2-3.48.1
MozillaFirefox-translations-other-60.7.2-3.48.1
References
- Link for SUSE-SU-2019:1682-1
- E-Mail link for SUSE-SU-2019:1682-1
- SUSE Security Ratings
- SUSE Bug 1138872
- SUSE CVE CVE-2019-11708 page
Description
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2.
Affected products
Image SLES15-SAP-Azure-LI-BYOS-Production:MozillaFirefox-60.7.2-3.48.1
Image SLES15-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-60.7.2-3.48.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:MozillaFirefox-60.7.2-3.48.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-60.7.2-3.48.1
References
- CVE-2019-11708
- SUSE Bug 1138872