CVE-2019-11708 - OpenCVE

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Mozilla	Firefox Esr Firefox Thunderbird

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox_esr::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

References

Link	Resource
http://packetstormsecurity.com/files/155592/Mozilla-Firefox-Windows-64-Bit-Chain-Exploit.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1559858	Issue Tracking Permissions Required Vendor Advisory
https://security.gentoo.org/glsa/201908-12
https://www.mozilla.org/security/advisories/mfsa2019-19/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2019-20/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mozilla

Published: 2019-07-23T13:20:03

Updated: 2019-12-09T17:06:05

Reserved: 2019-05-03T00:00:00

Link: CVE-2019-11708

JSON object: View

NVD Information

Status : Modified

Published: 2019-07-23T14:15:15.327

Modified: 2019-08-15T18:15:17.287

Link: CVE-2019-11708

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"lessThan": "60.7.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "67.0.4", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "60.7.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2."}], "problemTypes": [{"descriptions": [{"description": "sandbox escape using Prompt:Open", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-09T17:06:05", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-19/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-20/"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1559858"}, {"name": "GLSA-201908-12", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201908-12"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/155592/Mozilla-Firefox-Windows-64-Bit-Chain-Exploit.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2019-11708", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Firefox ESR", "version": {"version_data": [{"version_affected": "<", "version_value": "60.7.2"}]}}, {"product_name": "Firefox", "version": {"version_data": [{"version_affected": "<", "version_value": "67.0.4"}]}}, {"product_name": "Thunderbird", "version": {"version_data": [{"version_affected": "<", "version_value": "60.7.2"}]}}]}, "vendor_name": "Mozilla"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "sandbox escape using Prompt:Open"}]}]}, "references": {"reference_data": [{"name": "https://www.mozilla.org/security/advisories/mfsa2019-19/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2019-19/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2019-20/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2019-20/"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1559858", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1559858"}, {"name": "GLSA-201908-12", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201908-12"}, {"name": "http://packetstormsecurity.com/files/155592/Mozilla-Firefox-Windows-64-Bit-Chain-Exploit.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/155592/Mozilla-Firefox-Windows-64-Bit-Chain-Exploit.html"}]}}}}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2019-11708", "datePublished": "2019-07-23T13:20:03", "dateReserved": "2019-05-03T00:00:00", "dateUpdated": "2019-12-09T17:06:05", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"cisaActionDue": "2022-06-13", "cisaExploitAdd": "2022-05-23", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "CCF2E157-C3DC-4A07-890F-68A9A2F65698", "versionEndExcluding": "67.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "87301197-9B8D-4715-825F-7299AE41CE53", "versionEndExcluding": "60.7.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1B4E516-92BD-48AC-9D6E-175FF71A2E4A", "versionEndExcluding": "60.7.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2."}, {"lang": "es", "value": "Una revisi\u00f3n insuficiente de los par\u00e1metros pasados ??con el mensaje IPC de Prompt:Open, entre procesos hijo y padre puede resultar que el proceso padre fuera del Sandbox abra el contenido web elegido por un proceso hijo comprometido. Cuando se combina con vulnerabilidades adicionales, esto podr\u00eda resultar en la ejecuci\u00f3n de c\u00f3digo arbitrario en el ordenador del usuario. Esta vulnerabilidad afecta a Firefox ESR anterior a versi\u00f3n 60.7.2, Firefox anterior a versi\u00f3n 67.0.4 y Thunderbird anterior a versi\u00f3n 60.7.2."}], "id": "CVE-2019-11708", "lastModified": "2019-08-15T18:15:17.287", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-23T14:15:15.327", "references": [{"source": "security@mozilla.org", "url": "http://packetstormsecurity.com/files/155592/Mozilla-Firefox-Windows-64-Bit-Chain-Exploit.html"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1559858"}, {"source": "security@mozilla.org", "url": "https://security.gentoo.org/glsa/201908-12"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-19/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-20/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}