Security update for MozillaFirefox SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2019:1684-1 Final 1 1 2019-06-22T15:35:41Z current 2019-06-22T15:35:41Z 2019-06-22T15:35:41Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for MozillaFirefox This update for MozillaFirefox fixes the following issues: - Mozilla Firefox Firefox 60.7.2 MFSA 2019-19 (bsc#1138872) - CVE-2019-11708: Fix sandbox escape using Prompt:Open. * Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes could result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2019-1684,SUSE-OpenStack-Cloud-7-2019-1684,SUSE-OpenStack-Cloud-8-2019-1684,SUSE-SLE-DESKTOP-12-SP3-2019-1684,SUSE-SLE-DESKTOP-12-SP4-2019-1684,SUSE-SLE-DESKTOP-12-SP5-2019-1684,SUSE-SLE-SAP-12-SP1-2019-1684,SUSE-SLE-SAP-12-SP2-2019-1684,SUSE-SLE-SAP-12-SP3-2019-1684,SUSE-SLE-SDK-12-SP3-2019-1684,SUSE-SLE-SDK-12-SP4-2019-1684,SUSE-SLE-SDK-12-SP5-2019-1684,SUSE-SLE-SERVER-12-2019-1684,SUSE-SLE-SERVER-12-SP1-2019-1684,SUSE-SLE-SERVER-12-SP2-2019-1684,SUSE-SLE-SERVER-12-SP2-BCL-2019-1684,SUSE-SLE-SERVER-12-SP3-2019-1684,SUSE-SLE-SERVER-12-SP4-2019-1684,SUSE-SLE-SERVER-12-SP5-2019-1684,SUSE-Storage-4-2019-1684,SUSE-Storage-5-2019-1684 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2019/suse-su-20191684-1/ Link for SUSE-SU-2019:1684-1 https://lists.suse.com/pipermail/sle-security-updates/2019-June/005624.html E-Mail link for SUSE-SU-2019:1684-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1138872 SUSE Bug 1138872 https://www.suse.com/security/cve/CVE-2019-11708/ SUSE CVE CVE-2019-11708 page SUSE Enterprise Storage 4 SUSE Enterprise Storage 5 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP4 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 MozillaFirefox-60.7.2-109.80.1 MozillaFirefox-branding-upstream-60.7.2-109.80.1 MozillaFirefox-devel-60.7.2-109.80.1 MozillaFirefox-translations-common-60.7.2-109.80.1 MozillaFirefox-translations-other-60.7.2-109.80.1 MozillaFirefox-60.7.2-109.80.1 as a component of SUSE Enterprise Storage 4 MozillaFirefox-devel-60.7.2-109.80.1 as a component of SUSE Enterprise Storage 4 MozillaFirefox-translations-common-60.7.2-109.80.1 as a component of SUSE Enterprise Storage 4 MozillaFirefox-60.7.2-109.80.1 as a component of SUSE Enterprise Storage 5 MozillaFirefox-translations-common-60.7.2-109.80.1 as a component of SUSE Enterprise Storage 5 MozillaFirefox-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 MozillaFirefox-translations-common-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 MozillaFirefox-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Desktop 12 SP4 MozillaFirefox-translations-common-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Desktop 12 SP4 MozillaFirefox-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS MozillaFirefox-devel-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS MozillaFirefox-translations-common-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS MozillaFirefox-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL MozillaFirefox-devel-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL MozillaFirefox-translations-common-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL MozillaFirefox-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS MozillaFirefox-devel-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS MozillaFirefox-translations-common-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS MozillaFirefox-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Server 12 SP3 MozillaFirefox-translations-common-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Server 12 SP3 MozillaFirefox-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS MozillaFirefox-translations-common-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS MozillaFirefox-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Server 12 SP4 MozillaFirefox-translations-common-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Server 12 SP4 MozillaFirefox-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Server 12-LTSS MozillaFirefox-devel-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Server 12-LTSS MozillaFirefox-translations-common-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Server 12-LTSS MozillaFirefox-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 MozillaFirefox-devel-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 MozillaFirefox-translations-common-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 MozillaFirefox-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 MozillaFirefox-devel-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 MozillaFirefox-translations-common-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 MozillaFirefox-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 MozillaFirefox-translations-common-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 MozillaFirefox-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 MozillaFirefox-translations-common-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 MozillaFirefox-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 MozillaFirefox-translations-common-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 MozillaFirefox-devel-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3 MozillaFirefox-devel-60.7.2-109.80.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP4 MozillaFirefox-60.7.2-109.80.1 as a component of SUSE OpenStack Cloud 7 MozillaFirefox-devel-60.7.2-109.80.1 as a component of SUSE OpenStack Cloud 7 MozillaFirefox-translations-common-60.7.2-109.80.1 as a component of SUSE OpenStack Cloud 7 MozillaFirefox-60.7.2-109.80.1 as a component of SUSE OpenStack Cloud 8 MozillaFirefox-translations-common-60.7.2-109.80.1 as a component of SUSE OpenStack Cloud 8 Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2. CVE-2019-11708 SUSE Enterprise Storage 4:MozillaFirefox-60.7.2-109.80.1 SUSE Enterprise Storage 4:MozillaFirefox-devel-60.7.2-109.80.1 SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.7.2-109.80.1 SUSE Enterprise Storage 5:MozillaFirefox-60.7.2-109.80.1 SUSE Enterprise Storage 5:MozillaFirefox-translations-common-60.7.2-109.80.1 SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.7.2-109.80.1 SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.7.2-109.80.1 SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.7.2-109.80.1 SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.7.2-109.80.1 SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.7.2-109.80.1 SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.7.2-109.80.1 SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.7.2-109.80.1 SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.7.2-109.80.1 SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.7.2-109.80.1 SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.7.2-109.80.1 SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.7.2-109.80.1 SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.7.2-109.80.1 SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.7.2-109.80.1 SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-60.7.2-109.80.1 SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-60.7.2-109.80.1 SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.7.2-109.80.1 SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.7.2-109.80.1 SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.7.2-109.80.1 SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.7.2-109.80.1 SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.7.2-109.80.1 SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.7.2-109.80.1 SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.7.2-109.80.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.7.2-109.80.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.7.2-109.80.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.7.2-109.80.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.7.2-109.80.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.7.2-109.80.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.7.2-109.80.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.7.2-109.80.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.7.2-109.80.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.7.2-109.80.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.7.2-109.80.1 SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.7.2-109.80.1 SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.7.2-109.80.1 SUSE OpenStack Cloud 7:MozillaFirefox-60.7.2-109.80.1 SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.7.2-109.80.1 SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.7.2-109.80.1 SUSE OpenStack Cloud 8:MozillaFirefox-60.7.2-109.80.1 SUSE OpenStack Cloud 8:MozillaFirefox-translations-common-60.7.2-109.80.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20191684-1/ https://www.suse.com/security/cve/CVE-2019-11708.html CVE-2019-11708 https://bugzilla.suse.com/1138872 SUSE Bug 1138872