The week of security flaws in Firefox continues. June 19th brought the latest zero-day exploit in the browser's recent history, and June 20th brought the next one. Mozilla reacted fast and announced in CVE-2019-11708 ("Sandbox escape using Prompt:Open") that updating your browser to the latest minor update should fix this issue. Security researchers reported that both flaws were taken advantage of in combination.

The bug, numbered 1559858, is described as follows: "Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer."

Firefox Quantum 67.0.4

As usual, there won't be 100% security unless you decide to pull the power cord from your internet gateway and refuse to use a cellular backup connection. It's good to see that the Mozilla Foundation is reacting fast and handling public relations really well here, informing users directly about the exploits.

What you can do is quite simple - just head to the "About" section of your Firefox installation and update your Firefox Quantum to version 67.0.4 or 60.7.2 (ESR) - that's it! In the meantime this cat-and-mouse game continues, so let's hope that other vendors besides Mozilla act in the same way when it comes to maintaining security!
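
If you look after more than one machine, the same version rule can be scripted. This is an added example, not part of the original post or of Mozilla's tooling; it assumes version strings in the form printed by `firefox --version`, and the host names and sample strings are constructed for illustration.

```python
import re

# Fixed versions named in the post: 67.0.4 (release) and 60.7.2 (ESR).
FIXED_RELEASE = (67, 0, 4)
FIXED_ESR = (60, 7, 2)

# Matches e.g. "Mozilla Firefox 67.0.3" or "Mozilla Firefox 60.7.1esr".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor, patch), is_esr), or None if no version is found."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    return version, m.group(4) is not None


def needs_update(text):
    """True if the reported version is below the fixed version for its channel."""
    parsed = parse_version(text)
    if parsed is None:
        raise ValueError(f"no Firefox version in {text!r}")
    version, is_esr = parsed
    # 60.x is the ESR branch named in the post; treat it as ESR even
    # when the "esr" suffix is missing from the string.
    if is_esr or version[0] == FIXED_ESR[0]:
        return version < FIXED_ESR
    return version < FIXED_RELEASE


def audit(inventory):
    """Map each host to 'update', 'ok' or 'unknown' from {host: version string}."""
    result = {}
    for host, text in inventory.items():
        try:
            result[host] = "update" if needs_update(text) else "ok"
        except ValueError:
            result[host] = "unknown"
    return result


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names).
    sample = {
        "desk-01": "Mozilla Firefox 67.0.3",
        "desk-02": "Mozilla Firefox 67.0.4",
        "kiosk-01": "Mozilla Firefox 60.7.1esr",
        "kiosk-02": "Mozilla Firefox 60.7.2esr",
    }
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```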