Rechercher dans l’assistance

Évitez les escroqueries à l’assistance. Nous ne vous demanderons jamais d’appeler ou d’envoyer un SMS à un numéro de téléphone ou de partager des informations personnelles. Veuillez signaler toute activité suspecte en utilisant l’option « Signaler un abus ».

En savoir plus

Does Firefox 60.7.2 ESR contain the security fix detailed in "CVE-2019-11702: IE protocols can be used to open known local files"?

  • 2 réponses
  • 1 a ce problème
  • 1 vue
  • Dernière réponse par someguy

more options

After looking through the security fixes for Firefox ESR, I don't see "CVE-2019-11702: IE protocols can be used to open known local files" addressed anywhere. This was fixed in Firefox non-ESR 67.0.2 (released 06/11/2019) under 2019-16.

ESR 60.7.2 released 06/20/2019 so I'm assuming that it'd include the 2019-16 security fix but the Mozilla site detailing security fixes does not show that. Is it possible to confirm if 60.7.2 patches out the known vulnerability?

After looking through the security fixes for Firefox ESR, I don't see "CVE-2019-11702: IE protocols can be used to open known local files" addressed anywhere. This was fixed in Firefox non-ESR 67.0.2 (released 06/11/2019) under 2019-16. ESR 60.7.2 released 06/20/2019 so I'm assuming that it'd include the 2019-16 security fix but the Mozilla site detailing security fixes does not show that. Is it possible to confirm if 60.7.2 patches out the known vulnerability?

Solution choisie

hi, firefox 60.0esr will not receive a fix for this particular vulnerability. the first version of the 68.0esr release train, which just got released today does contain a patch of it though.

according to https://www.mozilla.org/en-US/firefox/organizations/ mozilla is only committing to backporting fixes for high-risk/high-impact vulnerabilities to the extended support release - https://www.mozilla.org/en-US/security/advisories/mfsa2019-16/#CVE-2019-11702 in particular was only classified as moderate though...

Lire cette réponse dans son contexte 👍 1

Toutes les réponses (2)

more options

Solution choisie

hi, firefox 60.0esr will not receive a fix for this particular vulnerability. the first version of the 68.0esr release train, which just got released today does contain a patch of it though.

according to https://www.mozilla.org/en-US/firefox/organizations/ mozilla is only committing to backporting fixes for high-risk/high-impact vulnerabilities to the extended support release - https://www.mozilla.org/en-US/security/advisories/mfsa2019-16/#CVE-2019-11702 in particular was only classified as moderate though...

more options

This is exactly what I needed to know. Thanks for the quick response!