ALPINE-CVE-2019-11708

ALPINE-CVE-2019-11708 PUBLISHED CVSS 10 CRITICAL

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2.

Risk Scores

CVSS v3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Alpine:v3.12	mozjs60	0, 60.7.0-r0, 60.6.2-r0
Alpine:v3.11	mozjs60	60.7.0-r0, 0, 60.0.2-r2
Alpine:v3.10	mozjs60	0, 60.7.0-r0, 60.6.2-r0

Timeline

Jul 23, 2019 CVE Published
Nov 19, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2019-11708 advisory

Open in Interactive Console →