Mozilla Firefox 69, Mozilla Firefox ESR 68.1 : Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading <code>accounts.firefox.com</code> in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the compromised browser w ...