CVE-2019-11708

CVSS v3.1 10 (Critical)
CVSS v2.0 10 (High)
EPSS 2.54 % (90th)
Affected Products 3
Advisories 35
NVD Status Analyzed

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2.

Weaknesses
CWE-20
Improper Input Validation
CVE Status
PUBLISHED
NVD Status
Analyzed
CNA
Mozilla Corporation
Published Date
2019-07-23 14:15:15
(5 years ago)
Updated Date
2024-07-02 17:02:19
(2 months ago)
Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
Description
Mozilla Firefox and Thunderbird contain a sandbox escape vulnerability that could result in remote code execution.
Required Action
Apply updates per vendor instructions.
Known to be Used in Ransomware Campaigns
Unknown
Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-11708
Vendor
Mozilla
Product
Firefox and Thunderbird
In CISA Catalog from
2022-05-23
(2 years ago)
Due Date
2022-06-13
(2 years ago)

Affected Products


Configuration #1

  Product                                       CPE23                            From   Up To
  Mozilla Firefox prior 67.0.4 version          cpe:2.3:a:mozilla:firefox        -      < 67.0.4
  Mozilla Firefox Esr prior 60.7.2 version      cpe:2.3:a:mozilla:firefox_esr    -      < 60.7.2
  Mozilla Thunderbird prior 60.7.2 version      cpe:2.3:a:mozilla:thunderbird    -      < 60.7.2