21 June 19, 10:43
Quote:Mozilla Patches Second Firefox Zero-Day Used in Cryptocurrency Attacks
The flaw, tracked as CVE-2019-11708, has been described by Mozilla as a high-severity sandbox escape issue.
“Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer,” Mozilla said in its advisory
SOURCE: https://www.securityweek.com/mozilla-pat...cy-attacks
![[-]](https://www.geeks.fyi/images/collapse.png)
