SUSE-SU-2019:1684-1

Details

This update for MozillaFirefox fixes the following issues:

Mozilla Firefox Firefox 60.7.2 MFSA 2019-19 (bsc#1138872)
CVE-2019-11708: Fix sandbox escape using Prompt:Open.
- Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes could result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer.

Affected Packages

MozillaFirefox

SUSE Enterprise Storage 4SUSE Enterprise Storage 5SUSE Linux Enterprise Desktop 12 SP3SUSE Linux Enterprise Desktop 12 SP4SUSE Linux Enterprise Server 12 SP1-LTSS

Fixed in:

60.7.2-109.80.1

MozillaFirefox-devel

SUSE Enterprise Storage 4SUSE Linux Enterprise Server 12 SP1-LTSSSUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server 12-LTSS

Fixed in:

60.7.2-109.80.1

MozillaFirefox-translations-common

SUSE Enterprise Storage 4SUSE Enterprise Storage 5SUSE Linux Enterprise Desktop 12 SP3SUSE Linux Enterprise Desktop 12 SP4SUSE Linux Enterprise Server 12 SP1-LTSS

Fixed in:

60.7.2-109.80.1

References

REPORT

https://bugzilla.suse.com/1138872

WEB

https://www.suse.com/security/cve/CVE-2019-11708

ADVISORY

https://www.suse.com/support/update/announcement/2019/suse-su-20191684-1/