### [CVE-2019-11708](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11708)
![](https://img.shields.io/static/v1?label=Product&message=Firefox%20ESR&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Thunderbird&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%2060.7.2%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=%3C%2067.0.4%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=sandbox%20escape%20using%20Prompt%3AOpen&color=brighgreen)

### Description

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2.

### POC

#### Reference
- http://packetstormsecurity.com/files/155592/Mozilla-Firefox-Windows-64-Bit-Chain-Exploit.html

#### Github
- https://github.com/0vercl0k/0vercl0k
- https://github.com/0vercl0k/CVE-2019-11708
- https://github.com/0xT11/CVE-POC
- https://github.com/ARPSyndicate/cvemon
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/ChefGordon/List-O-Tools
- https://github.com/CnHack3r/Penetration_PoC
- https://github.com/EchoGin404/-
- https://github.com/EchoGin404/gongkaishouji
- https://github.com/Enes4xd/Enes4xd
- https://github.com/GhostTroops/TOP
- https://github.com/JERRY123S/all-poc
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/Sp0pielar/CVE-2019-9791
- https://github.com/Tyro-Shan/gongkaishouji
- https://github.com/YIXINSHUWU/Penetration_Testing_POC
- https://github.com/ZTK-009/Penetration_PoC
- https://github.com/alphaSeclab/sec-daily-2019
- https://github.com/anquanscan/sec-tools
- https://github.com/b0o/starred
- https://github.com/cr0ss2018/cr0ss2018
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/ezelnur6327/Enes4xd
- https://github.com/ezelnur6327/ezelnur6327
- https://github.com/fox-land/stars
- https://github.com/gaahrdner/starred
- https://github.com/hasee2018/Penetration_Testing_POC
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/hktalent/TOP
- https://github.com/huike007/penetration_poc
- https://github.com/huike007/poc
- https://github.com/hyperupcall/stars
- https://github.com/jbmihoub/all-poc
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/m1ghtym0/browser-pwn
- https://github.com/password520/Penetration_PoC
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
- https://github.com/xuetusummer/Penetration_Testing_POC
- https://github.com/yedada-wei/-
- https://github.com/yedada-wei/gongkaishouji