CVE-2019-25136: Critical severity Firefox vulnerability
A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape.
Frequently Asked Questions
What is CVE-2019-25136?
CVE-2019-25136 is a vulnerability where a compromised child process can inject XBL Bindings into privileged CSS rules, allowing arbitrary code execution and a sandbox escape.
Which software is affected by CVE-2019-25136?
Mozilla Firefox versions up to but not including 70 are affected by CVE-2019-25136.
What is the severity of CVE-2019-25136?
CVE-2019-25136 has a severity rating of high (7 out of 10).
How can I fix CVE-2019-25136?
Updating Mozilla Firefox to version 70 or higher will fix CVE-2019-25136.
Where can I find more information about CVE-2019-25136?
More information about CVE-2019-25136 can be found at the following references: [Mozilla Bugzilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1530709), [Mozilla Security Advisories](https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/).