Mageia: Security Advisory (MGASA-2019-0201)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2019:1682-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated mozjs60 packages fix security vulnerability

The updated packages fix security vulnerabilities: A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox...

NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2019-0175)

The remote NewStart CGSL host, running version MAIN 4.06, has firefox packages installed that are affected by multiple vulnerabilities: - Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted...

CVE-2019-11708

CVE-2019-11708 is a sandbox-escape vulnerability in Mozilla Firefox ESR and Thunderbird caused by insufficient vetting of parameters in the Prompt:Open IPC message between child and parent processes, allowing a compromised child to cause the non-sandboxed parent to open web content and potentiall...

Updated firefox packages fix security vulnerability

Updated firefox packages fix a security vulnerability thats being exploited in the wild: sandbox escape using Prompt:Open. CVE-2019-11708...

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: Type confusion in Array.pop. CVE-2019-11707 Sandbox escape using Prompt:Open. CVE-2019-11708...

Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20190627)

Security Fixes : - Mozilla: Type confusion in Array.pop CVE-2019-11707 - thunderbird: Stack buffer overflow in icalrecuraddbydayrules in icalrecur.c CVE-2019-11705 - Mozilla: Sandbox escape using Prompt:Open CVE-2019-11708 - thunderbird: Heap buffer over read in icalparser.c parsergetnextchar...

Scientific Linux Security Update : firefox on SL7.x x86_64 (20190626)

Security Fixes : - Mozilla: Type confusion in Array.pop CVE-2019-11707 - Mozilla: Sandbox escape using Prompt:Open CVE-2019-11708 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include"compat.inc"; if description scriptid126434; scriptversion"1.11";...

CentOS Update for firefox CESA-2019:1603 centos7

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-4032-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:1684-1)

This update for MozillaFirefox fixes the following issues : Mozilla Firefox Firefox 60.7.2 MFSA 2019-19 bsc1138872 CVE-2019-11708: Fix sandbox escape using Prompt:Open. - Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes could result in...

Fedora 29 : firefox (2019-53e4772bb8)

New upstream version 67.0.4 - Fixes CVE-2019-11708: sandbox escape using Prompt:Open - Release notes are at https://www.mozilla.org/en-US/firefox/67.0.4/releasenote s/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website...

FreeBSD : Mozilla -- multiple vulnerabilities (49beb00f-a6e1-4a42-93df-9cb14b4c2bee)

Mozilla Foundation reports : CVE-2019-11707: Type confusion in Array.pop A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. CVE-2019-1170...

FreeBSD : Mozilla -- multiple vulnerabilities (39bc2294-ff32-4972-9ecb-b9f40b4ccb74)

Mozilla Foundation reports : CVE-2019-11708: sandbox escape using Prompt:Open Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. Whe...

CVE-2019-11708

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing...

Mozilla Firefox < 67.0.4

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 67.0.4. It is, therefore, affected by a vulnerability as referenced in the mfsa2019-19 advisory. - Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can...

Mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2019-11707: Type confusion in Array.pop A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. CVE-2019-11708...

KLA11504 Incorrect parameters parsing vulnerability in Mozilla Firefox

Vulnerability, related to insufficient vetting of parameters passed with the Prompt:Open IPC message was found in Mozilla Firefox. Malicious users can exploit this vulnerability via specially designed website to bypass security restrictions. Original advisories - Related products Mozilla-Firefox...

Mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2019-11708: sandbox escape using Prompt:Open Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When...