Vulnerability, related to insufficient vetting of parameters passed with the Prompt:Open IPC message was found in Mozilla Firefox. Malicious users can exploit this vulnerability via specially designed website to bypass security restrictions.

Original advisories

mfsa2019-19

Related products

Mozilla-Firefox-ESR

CVE list

CVE-2019-11708 critical

Solution

Update to the latest version

Impacts

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

Mozilla Firefox ESR earlier than 60.7.2

References

statistics.securelist.com/

threats.kaspersky.com/en/product/Mozilla-Firefox-ESR/

www.mozilla.org/en-US/security/advisories/mfsa2019-19/

nessus 55

archlinux 1

veracode 1

prion 1

openvas 30

slackware 1

ubuntu 2

cve 1

debian 3

kaspersky 2

ibm 3

cisa_kev 1

osv 4

nvd 1

suse 4

attackerkb 1

redhatcve 1

checkpoint_advisories 1

mageia 3

fedora 4

cvelist 1

freebsd 2

mozilla 2

symantec 1

ubuntucve 1

debiancve 1

altlinux 2

alpinelinux 1

redhat 6

oraclelinux 6

githubexploit 2

centos 4

zdt 2

exploitpack 1

thn 2

packetstorm 1

exploitdb 2

threatpost 1

amazon 1

securelist 1

gentoo 1

nessus

Fedora 29 : firefox (2019-53e4772bb8)

2019-06-24 00:00:00

SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2019:1682-1)

2019-06-24 00:00:00

Slackware 14.2 / current : mozilla-firefox (SSA:2019-172-01)

2019-06-21 00:00:00

archlinux

[ASA-201906-20] firefox: sandbox escape

2019-06-25 00:00:00

veracode

Arbitrary Code Execution

2019-07-01 00:15:22

prion

Design/Logic Flaw

2019-07-23 14:15:00

openvas

Slackware: Security Advisory (SSA:2019-172-01)

2022-04-21 00:00:00

Mozilla Firefox ESR Security Advisories (MFSA2019-19, MFSA2019-20) - Windows

2019-06-21 00:00:00

openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2019:1595-1)

2020-01-09 00:00:00

slackware

[slackware-security] mozilla-firefox

2019-06-21 06:54:37

ubuntu

Firefox vulnerability

2019-06-24 00:00:00

Thunderbird vulnerabilities

2019-07-01 00:00:00

cve

CVE-2019-11708

2019-07-23 14:15:15

debian

[SECURITY] [DSA 4474-1] firefox-esr security update

2019-07-01 21:05:45

[SECURITY] [DSA 4471-1] thunderbird security update

2019-06-24 21:20:35

[SECURITY] [DLA 1836-1] thunderbird security update

2019-06-25 09:20:58

kaspersky

KLA11504 Incorrect parameters parsing vulnerability in Mozilla Firefox

2019-06-20 00:00:00

KLA11510 Multiple vulnerabilities in Mozilla Thunderbird

2019-06-20 00:00:00

ibm

Security Bulletin: Mozilla Firefox vulnerability in IBM SONAS (CVE-2019-11708)

2019-07-09 17:55:01

Security Bulletin: One vulnerability of Mozzila Firefox (less than Firefox 60.7.2 ESR) has affected Synthetic Playback Agent 8.1.4.0 - 8.1.4 IF07

2019-12-20 08:47:33

Security Bulletin: WebSphere Cast Iron and App Connect Professional are affected by vulnerabilities in busybox, arpwatch, apr, acpid, augeas, firefox, ctdb.

2021-12-15 07:41:22

cisa_kev

Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability

2022-05-23 00:00:00

osv

CVE-2019-11708

2019-07-23 14:15:15

firefox-esr - security update

2019-07-01 00:00:00

thunderbird - security update

2019-06-24 00:00:00

nvd

CVE-2019-11708

2019-07-23 14:15:15

suse

Security update for MozillaFirefox (important)

2019-06-24 00:00:00

Security update for MozillaThunderbird (critical)

2019-06-23 00:00:00

Security update for MozillaThunderbird (important)

2019-06-24 00:00:00

attackerkb

CVE-2019-11708

2019-07-23 00:00:00

redhatcve

CVE-2019-11708

2020-04-01 08:10:51

checkpoint_advisories

Mozilla Thunderbird Remote Code Execution (CVE-2019-11708)

2022-06-19 00:00:00

mageia

Updated firefox packages fix security vulnerability

2019-07-02 18:00:24

Updated mozjs60 packages fix security vulnerability

2020-01-05 18:37:51

Updated thunderbird packages fix security vulnerabilities

2019-07-02 16:09:27

fedora

[SECURITY] Fedora 29 Update: firefox-67.0.4-1.fc29

2019-06-22 02:56:57

[SECURITY] Fedora 30 Update: firefox-67.0.4-1.fc30

2019-06-22 01:05:52

[SECURITY] Fedora 30 Update: mozjs60-60.7.2-1.fc30

2019-06-24 00:57:00

cvelist

CVE-2019-11708

2019-07-23 13:20:03

freebsd

Mozilla -- multiple vulnerabilities

2019-06-20 00:00:00

Mozilla -- multiple vulnerabilities

2019-06-20 00:00:00

mozilla

Security vulnerabilities fixed in Firefox 67.0.4 and Firefox ESR 60.7.2 — Mozilla

2019-06-20 00:00:00

Security vulnerabilities fixed in Thunderbird 60.7.2 — Mozilla

2019-06-20 00:00:00

symantec

Mozilla Firefox and Firefox ESR CVE-2019-11708 Security Bypass Vulnerability

2019-06-20 00:00:00

ubuntucve

CVE-2019-11708

2019-06-21 00:00:00

debiancve

CVE-2019-11708

2019-07-23 14:15:15

altlinux

Security fix for the ALT Linux 10 package firefox-esr version 60.7.2-alt1

2019-06-20 00:00:00

Security fix for the ALT Linux 10 package thunderbird version 60.7.2-alt1

2019-06-22 00:00:00

alpinelinux

CVE-2019-11708

2019-07-23 14:15:15

redhat

(RHSA-2019:1603) Critical: firefox security update

2019-06-25 16:27:43

(RHSA-2019:1604) Critical: firefox security update

2019-06-25 16:27:56

(RHSA-2019:1696) Critical: firefox security update

2019-07-08 08:01:28

oraclelinux

firefox security update

2019-07-30 00:00:00

firefox security update

2019-06-26 00:00:00

firefox security update

2019-06-25 00:00:00

githubexploit

Exploit for Improper Input Validation in Mozilla Firefox Esr

2019-09-29 07:08:52

Exploit for Type Confusion in Mozilla Thunderbird

2021-09-08 14:38:42

centos

firefox security update

2019-07-01 15:56:37

firefox security update

2019-07-01 15:53:24

thunderbird security update

2019-07-01 15:54:02

zdt

Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack Exploit

2019-12-09 00:00:00

Mozilla Firefox 67 - Array.pop JIT Type Confusion Exploit

2022-02-02 00:00:00

exploitpack

Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack

2019-12-07 00:00:00

thn

Firefox 67.0.4 Released — Mozilla Patches Second 0-Day Flaw This Week

2019-06-21 09:11:00

Experts Warn of Browser Extensions Spying On Users via Cloud9 Chrome Botnet Network

2022-11-09 11:01:00

packetstorm

Mozilla Firefox 67 Array.pop JIT Type Confusion

2022-02-02 00:00:00

exploitdb

Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack

2019-12-07 00:00:00

Mozilla Firefox 67 - Array.pop JIT Type Confusion

2022-02-02 00:00:00

threatpost

Mozilla Fixes Second Actively-Exploited Firefox Flaw

2019-06-21 14:22:23

amazon

Critical: thunderbird

2019-07-18 18:17:00

securelist

IT threat evolution Q2 2019. Statistics

2019-08-19 10:00:00

gentoo

Mozilla Firefox: Multiple vulnerabilities

2019-08-15 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

82.0%

JSON

Related for KLA11505