Описание
Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues:
-
Mozilla Firefox Firefox 60.7.2 MFSA 2019-19 (bsc#1138872)
-
CVE-2019-11708: Fix sandbox escape using Prompt:Open.
- Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes could result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer.
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.1
MozillaFirefox-60.7.2-lp151.2.7.1
MozillaFirefox-branding-upstream-60.7.2-lp151.2.7.1
MozillaFirefox-buildsymbols-60.7.2-lp151.2.7.1
MozillaFirefox-devel-60.7.2-lp151.2.7.1
MozillaFirefox-translations-common-60.7.2-lp151.2.7.1
MozillaFirefox-translations-other-60.7.2-lp151.2.7.1
Ссылки
- E-Mail link for openSUSE-SU-2019:1595-1
- SUSE Security Ratings
- SUSE Bug 1138872
- SUSE CVE CVE-2019-11708 page
Описание
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2.
Затронутые продукты
openSUSE Leap 15.1:MozillaFirefox-60.7.2-lp151.2.7.1
openSUSE Leap 15.1:MozillaFirefox-branding-upstream-60.7.2-lp151.2.7.1
openSUSE Leap 15.1:MozillaFirefox-buildsymbols-60.7.2-lp151.2.7.1
openSUSE Leap 15.1:MozillaFirefox-devel-60.7.2-lp151.2.7.1
Ссылки
- CVE-2019-11708
- SUSE Bug 1138872