CRITICAL 10.0
KEV
CVE-2019-11708
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2.
CVSS v3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA Known Exploited Vulnerability
- Ajouté au KEV
- 2022-05-23
- Deadline remédiation
- 2022-06-13
- Action requise
- Apply updates per vendor instructions.
- Ransomware
- Non
Apps mobiles affectées
Configurations CPE vulnérables
| Vendor | Produit | Plateforme | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| mozilla | firefox | Android | <60.7.2 | cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* |
| mozilla | firefox | iOS | <60.7.2 | cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* |
| mozilla | firefox | Android | <67.0.4 | cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:* |
| mozilla | firefox | iOS | <67.0.4 | cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:* |