Firefox - (bulletinjul2019)ID: oval:org.secpod.oval:def:2105024 | Date: (C)2019-12-30 (M)2023-12-20 |
Class: PATCH | Family: unix |
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user"s computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2.
Product: |
web/data/firefox-bookmarks |
web/browser/firefox |
mail/thunderbird |
mail/thunderbird/plugin/thunderbird-lightning |