Home

CVE-2019-11708

Description

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the users computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2.

Risk Information

Base Score
10.0
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
68.885

Associated Vulnerability

VulnerabilityOS Platform
CVE-2019-11708 fixed in Mozilla Firefox (67.0.4)Windows
CVE-2019-11708 fixed in Mozilla Thunderbird (60.7.2)Windows
CVE-2019-11708 fixed in Mozilla Firefox ESR (60.7.2)Windows
CVE-2019-11708 fixed in Mozilla Firefox (x64) (67.0.4)Windows
CVE-2019-11708 fixed in Mozilla Firefox ESR (x64) (60.7.2)Windows
Vulnerabilities CVE-2019-11708 are fixed in Update for Mozilla Firefox For Mac (67.0.4)Mac
Vulnerabilities CVE-2019-11707,CVE-2019-11708 are affected in Mozilla Thunderbird for Mac 60.7.1Mac
Vulnerabilities CVE-2019-11708 are affected in Firefox ESR for Mac 60.7.1Mac
Vulnerabilities CVE-2019-11708 are affected in Mozilla Firefox for Mac 60.7.1Mac
Vulnerabilities CVE-2019-11708 are affected in Mozilla Firefox for Mac 67.0.3Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-310151Mozilla Firefox (67.0.4)
PATCH-310152Mozilla Thunderbird (60.7.2)
PATCH-310153Mozilla Firefox ESR (60.7.2)
PATCH-310154Mozilla Firefox (x64) (67.0.4)
PATCH-310155Mozilla Firefox ESR (x64) (60.7.2)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-611807Mozilla Thunderbird For Mac (142.0)
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234