Following Firefox 67.0.3 and 60.7.1 releases additional corrective releases 67.0.4 and 60.7.2, which fixed the second 0-day (CVE-2019-11708) to bypass the sandbox isolation mechanism. The problem uses the manipulation of the Prompt:Open IPC call to open in a parent process that does not use sandboxing the web content selected by the child process. In combination with another vulnerability, this issue allows you to bypass all layers of protection and organize the execution of code in the system.
Vulnerabilities identified in the last two releases of Firefox before being patched to organize an attack on employees of the Coinbase cryptocurrency exchange, as well as to distribute malware for the macOS platform. that information about the first vulnerability was sent to Mozilla by a member of the Google Project Zero project on April 15 and June 10 was in the beta version of Firefox 68 (probably the attackers analyzed the published fix and prepared an exploit using another vulnerability to bypass sandbox isolation).
Source: opennet.ru