CVE-2019-11707

Summary

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox ESRunspecified < 60.7.1affected
MozillaFirefoxunspecified < 67.0.3affected
MozillaThunderbirdunspecified < 60.7.2affected

Weaknesses

  • Type confusion in Array.pop

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References