Fungovanie tejto stránky je z dôvodu údržby dočasne obmedzené. Ak článok nevyrieši váš problém a chcete položiť otázku, napíšte našej komunite podpory na Twitter @FirefoxSupport alebo Reddit /r/firefox.

Avatar for Username

Vyhľadajte odpoveď

Vyhnite sa podvodom s podporou. Nikdy vás nebudeme žiadať, aby ste zavolali alebo poslali SMS na telefónne číslo alebo zdieľali osobné informácie. Nahláste prosím podozrivú aktivitu použitím voľby “Nahlásiť zneužitie”.

Ďalšie informácie

Táto téma bola archivovaná. Ak potrebujete pomôcť, založte prosím novú otázku.

Does Firefox 60.7.2 ESR contain the security fix detailed in "CVE-2019-11702: IE protocols can be used to open known local files"?

  • 2 odpovede
  • 1 má tento problém
  • 5 zobrazení
  • Posledná odpoveď od someguy

someguy
someguy
more options

After looking through the security fixes for Firefox ESR, I don't see "CVE-2019-11702: IE protocols can be used to open known local files" addressed anywhere. This was fixed in Firefox non-ESR 67.0.2 (released 06/11/2019) under 2019-16.

ESR 60.7.2 released 06/20/2019 so I'm assuming that it'd include the 2019-16 security fix but the Mozilla site detailing security fixes does not show that. Is it possible to confirm if 60.7.2 patches out the known vulnerability?

After looking through the security fixes for Firefox ESR, I don't see "CVE-2019-11702: IE protocols can be used to open known local files" addressed anywhere. This was fixed in Firefox non-ESR 67.0.2 (released 06/11/2019) under 2019-16. ESR 60.7.2 released 06/20/2019 so I'm assuming that it'd include the 2019-16 security fix but the Mozilla site detailing security fixes does not show that. Is it possible to confirm if 60.7.2 patches out the known vulnerability?

Vybrané riešenie

hi, firefox 60.0esr will not receive a fix for this particular vulnerability. the first version of the 68.0esr release train, which just got released today does contain a patch of it though.

according to https://www.mozilla.org/en-US/firefox/organizations/ mozilla is only committing to backporting fixes for high-risk/high-impact vulnerabilities to the extended support release - https://www.mozilla.org/en-US/security/advisories/mfsa2019-16/#CVE-2019-11702 in particular was only classified as moderate though...

Čítať túto odpoveď v kontexte 👍 1

Všetky odpovede (2)

philipp
philipp
  • Moderator
more options

Vybrané riešenie

hi, firefox 60.0esr will not receive a fix for this particular vulnerability. the first version of the 68.0esr release train, which just got released today does contain a patch of it though.

according to https://www.mozilla.org/en-US/firefox/organizations/ mozilla is only committing to backporting fixes for high-risk/high-impact vulnerabilities to the extended support release - https://www.mozilla.org/en-US/security/advisories/mfsa2019-16/#CVE-2019-11702 in particular was only classified as moderate though...

someguy
someguy Autor otázky
more options

This is exactly what I needed to know. Thanks for the quick response!