---

CVE-2019-11708 - log back

CVE-2019-11708 created at 25 Sep 2019 19:31:40
Severity	+ High
Remote	+ Remote
Type	+ Sandbox escape
Description	+ An issue has been found in Firefox before 67.0.4, where an insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer.
References	+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/#CVE-2019-11708 + https://bugzilla.mozilla.org/show_bug.cgi?id=1559858
Notes