CVE-2019-25136

Summary

A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox < 70.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 70affected

Weaknesses

  • Invalid styles allowed from content processes

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References