VulnerableCode Package Details - pkg:alpm/archlinux/firefox@67.0.3-1

Search for packages

Package details: pkg:alpm/archlinux/firefox@67.0.3-1

Essentials
History (2)

purl	pkg:alpm/archlinux/firefox@67.0.3-1

Next non-vulnerable version	67.0.4-1
Latest non-vulnerable version	101.0-1
Risk	10.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-pjt5-ctch-xfes Aliases: CVE-2019-11708	Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer.	67.0.4-1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-puzw-t6gq-9ubx	A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.	CVE-2019-11707

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-31T11:36:56.635774+00:00	Arch Linux Importer	Affected by	VCID-pjt5-ctch-xfes	https://security.archlinux.org/AVG-997	37.0.0
2025-07-31T11:35:14.353013+00:00	Arch Linux Importer	Fixing	VCID-puzw-t6gq-9ubx	https://security.archlinux.org/AVG-994	37.0.0