As part of his winning Pwn2Own entry, Niklas Baumstark demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-9811
Acknowledgments: Name: the Mozilla project Upstream: Niklas Baumstark
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:1764 https://access.redhat.com/errata/RHSA-2019:1764
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:1765 https://access.redhat.com/errata/RHSA-2019:1765
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:1763 https://access.redhat.com/errata/RHSA-2019:1763
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-9811
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:1775 https://access.redhat.com/errata/RHSA-2019:1775
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:1777 https://access.redhat.com/errata/RHSA-2019:1777
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:1799 https://access.redhat.com/errata/RHSA-2019:1799