CVE-2019-25136: firefox: arbitrary code execution and a sandbox escape

Severity: Critical

CVSS Score: 10

A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox < 70.