Ref# Microsoft | Date: Jun 27th 2019

---

Description

Mozilla has released updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. It is recommended that you take the necessary precautions by ensuring your products are always updated.

Security vulnerabilities fixed in Firefox 67.0.4 and Firefox ESR 60.7.2

Critical

• CVE-2019-11708: sandbox escape using Prompt:Open

          https://bugzilla.mozilla.org/show_bug.cgi?id=1559858

Security vulnerabilities fixed in Thunderbird 60.7.2

Critical

• CVE-2019-11707: Type confusion in Array.pop

          https://bugzilla.mozilla.org/show_bug.cgi?id=1544386

High

• CVE-2019-11708: sandbox escape using Prompt:Open

         https://bugzilla.mozilla.org/show_bug.cgi?id=1559858

For more information on Microsoft May 2019 security updates you can follow this url:

Microsoft Releases Security Updates for Firefox : https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/

Microsoft Releases Security Updates for Thunderbird: https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/

 

The Guyana National CIRT recommends users and administration to review these updates and to apply them where necessary.

Reference

   Microsoft release Security updates for Firefox, Thunderbird (US-Cert)

https://www.us-cert.gov/ncas/current-activity/2019/06/20/Mozilla-Releases-Security-Updates-Firefox-and-Firefox-ESR