Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
1000
VMScore

CVE-2019-11708

Published: 23/07/2019 Updated: 15/08/2019
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Firefox Esr

Vulnerability Summary

It exists that a sandboxed child process could open arbitrary web content in the parent process via the Prompt:Open IPC message. When combined with another vulnerability, an attacker could potentially exploit this to execute arbitrary code.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

mozilla firefox esr

mozilla firefox

mozilla thunderbird

Vendor Advisories

Ubuntu Security Notice: firefox vulnerability
A sandbox escape was discovered in Firefox ...
Ubuntu Security Notice: thunderbird vulnerabilities
Several security issues were fixed in Thunderbird ...
Debian Security Advisories: DSA-4474-1 firefox-esr -- security update
A sandbox escape was found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code if combined with additional vulnerabilities For the stable distribution (stretch), this problem has been fixed in version 6072esr-1~deb9u1 We recommend that you upgrade your firefox-esr packages For the detailed secu ...
Debian Security Advisories: DSA-4471-1 thunderbird -- security update
Multiple security issues have been found in Thunderbird which may lead to the execution of arbitrary code if malformed email messages are read For the stable distribution (stretch), these problems have been fixed in version 1:6072-1~deb9u1 We recommend that you upgrade your thunderbird packages For the detailed security status of thunderbird p ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Red Hat: Critical: firefox security update
Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...
Amazon Linux 2: ALAS2-2019-1250
libical: Heap buffer over read in icalparserc parser_get_next_char (CVE-2019-11703) libical: Type confusion in icaltimezone_get_vtimezone_properties function in icalpropertyc (CVE-2019-11706) Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708) libical: Stack buffer overflow in icalrecur_add_bydayrules in icalrecurc (CVE-2019-11705) libica ...
Arch Linux Issues:
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer ...
Mozilla: Security vulnerabilities fixed in Firefox 67.0.4 and Firefox ESR 60.7.2
Mozilla Foundation Security Advisory 2019-19 Security vulnerabilities fixed in Firefox 6704 and Firefox ESR 6072 Announced June 20, 2019 Impact high Products Firefox, Firefox ESR Fixed in Firefox 67 ...
Mozilla: Security vulnerabilities fixed in Thunderbird 60.7.2
Mozilla Foundation Security Advisory 2019-20 Security vulnerabilities fixed in Thunderbird 6072 Announced June 20, 2019 Impact high Products Thunderbird Fixed in Thunderbird 6072 ...

Exploits

Exploit DB: Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack
// Axel '0vercl0k' Souchet - November 19 2019 // EDB Note: Download ~ githubcom/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47752zip // 0:000> ? xul!sAutomationPrefIsSet - xul // Evaluate expression: 85724947 = 00000000`051c0f13 const XulsAutomationPrefIsSet = 0x051c0f13n; // 0:000> ? xul!disabledForTest - xul ...
Exploit DB: Mozilla Firefox 67 Array.pop JIT Type Confusion
Mozilla Firefox version 67 Arraypop JIT type confusion exploit with sandbox escape ...

Github Repositories

https://github.com/0vercl0k/CVE-2019-11708

Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit.

Full chain exploit for CVE-2019-11708 & CVE-2019-9810 This is a full browser compromise exploit chain (CVE-2019-11708 & CVE-2019-9810) targeting Firefox on Windows 64-bit It uses CVE-2019-9810 for getting code execution in both the content process as well as the parent process and CVE-2019-11708 to trick the parent process into browsing to an arbitrary URL

https://github.com/ChefGordon/List-O-Tools

This is a list of offensive security tools that I have curated and actaully saved..

List-O-Tools This is a list of offensive security tools that I have curated and actaully saved githubcom/751643992/whale githubcom/751643992/LittleCCompiler githubcom/751643992/shellcode githubcom/odzhan/acorn githubcom/odzhan/injection githubcom/odzhan/dewifi githubcom/odzhan/polymutex githubcom/TonyChen

https://github.com/Sp0pielar/CVE-2019-9791

Exploit chain for CVE-2019-9791 & CVE-2019-11708 against firefox 65.0 on windows 64bit

Exploit chain for CVE-2019-9791 & CVE-2019-11708 against Firefox 650 Works against Firefox 650 on windows 64bit CVE-2019-11708 part is taken from exploit by 0vercl0k: githubcom/0vercl0k/CVE-2019-11708 The exploit uses CVE-2019-9791 to obtain read/write primitive in content process then CVE-2019-11708 to make the main process load arbitrary url In parent pr

https://github.com/hyperupcall/stars

Edwin's stars.

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ANTLR ASL Ada Assembly AutoHotkey Awk Ballerina Batchfile Bicep Blade Brainfuck C C# C++ CMake CSS CUE Clojure CodeQL CoffeeScript Common Lisp Coq Crystal Cuda Cython D Dart Dhall Dockerfile Elixir Emacs Lisp Erlang F# F* Fennel Forth Fortran Frege GDScript Gherkin Go Groovy HCL HTML Haml Handle

https://github.com/mgarcia10723/Module-1-Challenge

Submitting a text entry box or a website url

COINBASE HOW COINBASE BECAME THE LEADING CRYPTOCURRENCY APP IN THE USA Coinbase Global, Inc, branded Coinbase is an American publicly traded company that operates a cryptocurrency exchange platform The company was founded in 2012 and it's headquarters were based in San Francisco, California until May 2020 when the company decided to move to a remote-first working enviro

Recent Articles

IT threat evolution Q2 2019. Statistics
Securelist • Victor Chebyshev Fedor Sinitsyn Denis Parinov Boris Larin Oleg Kupreev Evgeny Lopatin • 19 Aug 2019

These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. According to Kaspersky Security Network, Q2 2019 will be remembered for several events. First, we uncovered a large-scale financial threat by the name of Riltok, which targeted clients of not only major Russian banks, but some foreign ones too. Second, we detected the new Trojan.AndroidOS.MobOk malware, tasked with stealing money from mobile accounts through explo...

Read more...

References

CWE-20https://www.mozilla.org/security/advisories/mfsa2019-20/https://www.mozilla.org/security/advisories/mfsa2019-19/https://bugzilla.mozilla.org/show_bug.cgi?id=1559858https://security.gentoo.org/glsa/201908-12http://packetstormsecurity.com/files/155592/Mozilla-Firefox-Windows-64-Bit-Chain-Exploit.htmlhttps://nvd.nist.govhttps://usn.ubuntu.com/4032-1/https://www.exploit-db.com/exploits/47752
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook