A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox < 70. https://www.mozilla.org/security/advisories/mfsa2019-34/ https://bugzilla.mozilla.org/show_bug.cgi?id=1530709
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-25136