{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"60.7.2-lp151.2.7.1","MozillaFirefox-branding-upstream":"60.7.2-lp151.2.7.1","MozillaFirefox-buildsymbols":"60.7.2-lp151.2.7.1","MozillaFirefox-devel":"60.7.2-lp151.2.7.1","MozillaFirefox-translations-common":"60.7.2-lp151.2.7.1","MozillaFirefox-translations-other":"60.7.2-lp151.2.7.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.1","name":"MozillaFirefox","purl":"pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Leap%2015.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"60.7.2-lp151.2.7.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaFirefox fixes the following issues:\n\n- Mozilla Firefox Firefox 60.7.2\n  MFSA 2019-19 (bsc#1138872)\n\n- CVE-2019-11708: Fix sandbox escape using Prompt:Open.\n  * Insufficient vetting of parameters passed with the Prompt:Open IPC\n    message between child and parent processes could result in the non-sandboxed\n    parent process opening web content chosen by a compromised child process.\n    When combined with additional vulnerabilities this could result in executing\n    arbitrary code on the user's computer.\n\nThis update was imported from the SUSE:SLE-15:Update update project.","id":"openSUSE-SU-2019:1595-1","modified":"2019-06-24T05:45:06Z","published":"2019-06-24T05:45:06Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XALV3AU3HBDKJFBHPZDW2YNTUSXWL2UF/#XALV3AU3HBDKJFBHPZDW2YNTUSXWL2UF"},{"type":"REPORT","url":"https://bugzilla.suse.com/1138872"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11708"}],"related":["CVE-2019-11708"],"summary":"Security update for MozillaFirefox","upstream":["CVE-2019-11708"]}