A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to be loaded in the same process. Because `addons.mozilla.org` and `accounts.firefox.com` have close ties to the Firefox product, malicious manipulation of these sites within the browser can potentially be used to modify a user's Firefox configuration. These two sites will now be isolated into their own process and not allowed to be loaded in a standard content process. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11741
Acknowledgments: Name: the Mozilla project Upstream: Niklas Baumstark via TrendMicro's Zero Day Initiative
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-11741