We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Αυτός ο ιστότοπος θα έχει περιορισμένη λειτουργικότητα, όσο εκτελούμε εργασίες συντήρησης για να βελτιώσουμε την εμπειρία σας. Αν ένα άρθρο δεν επιλύει το ζήτημά σας και θέλετε να κάνετε μια ερώτηση, η κοινότητα υποστήριξής μας είναι έτοιμη να σας βοηθήσει στο Twitter (@FirefoxSupport) και στο Reddit (/r/firefox).

Αναζήτηση στην υποστήριξη

Προσοχή στις απάτες! Δεν θα σας ζητήσουμε ποτέ να καλέσετε ή να στείλετε μήνυμα σε κάποιον αριθμό τηλεφώνου ή να μοιραστείτε προσωπικά δεδομένα. Αναφέρετε τυχόν ύποπτη δραστηριότητα μέσω της επιλογής «Αναφορά κατάχρησης».

Μάθετε περισσότερα

Does Firefox 60.7.2 ESR contain the security fix detailed in "CVE-2019-11702: IE protocols can be used to open known local files"?

  • 2 απαντήσεις
  • 1 έχει αυτό το πρόβλημα
  • 1 προβολή
  • Τελευταία απάντηση από someguy

more options

After looking through the security fixes for Firefox ESR, I don't see "CVE-2019-11702: IE protocols can be used to open known local files" addressed anywhere. This was fixed in Firefox non-ESR 67.0.2 (released 06/11/2019) under 2019-16.

ESR 60.7.2 released 06/20/2019 so I'm assuming that it'd include the 2019-16 security fix but the Mozilla site detailing security fixes does not show that. Is it possible to confirm if 60.7.2 patches out the known vulnerability?

After looking through the security fixes for Firefox ESR, I don't see "CVE-2019-11702: IE protocols can be used to open known local files" addressed anywhere. This was fixed in Firefox non-ESR 67.0.2 (released 06/11/2019) under 2019-16. ESR 60.7.2 released 06/20/2019 so I'm assuming that it'd include the 2019-16 security fix but the Mozilla site detailing security fixes does not show that. Is it possible to confirm if 60.7.2 patches out the known vulnerability?

Επιλεγμένη λύση

hi, firefox 60.0esr will not receive a fix for this particular vulnerability. the first version of the 68.0esr release train, which just got released today does contain a patch of it though.

according to https://www.mozilla.org/en-US/firefox/organizations/ mozilla is only committing to backporting fixes for high-risk/high-impact vulnerabilities to the extended support release - https://www.mozilla.org/en-US/security/advisories/mfsa2019-16/#CVE-2019-11702 in particular was only classified as moderate though...

Ανάγνωση απάντησης σε πλαίσιο 👍 1

Όλες οι απαντήσεις (2)

more options

Επιλεγμένη λύση

hi, firefox 60.0esr will not receive a fix for this particular vulnerability. the first version of the 68.0esr release train, which just got released today does contain a patch of it though.

according to https://www.mozilla.org/en-US/firefox/organizations/ mozilla is only committing to backporting fixes for high-risk/high-impact vulnerabilities to the extended support release - https://www.mozilla.org/en-US/security/advisories/mfsa2019-16/#CVE-2019-11702 in particular was only classified as moderate though...

more options

This is exactly what I needed to know. Thanks for the quick response!