As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
AI analysis not yet available
Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| mozilla | firefox | 68.0 | - |
| mozilla | firefox_esr | 60.8 | - |
| mozilla | thunderbird | 60.8 |
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
7
Affected Products
30
References
mozilla / firefox
| - |
| debian | debian_linux | - | - |
| novell | suse_package_hub_for_suse_linux_enterprise | - | - |
| opensuse | leap | - | - |
| opensuse | leap | - | - |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Exploitability
Impact