CVE-2019-11707
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Firefox ESR | unspecified < 60.7.1 | affected |
| Mozilla | Firefox | unspecified < 67.0.3 | affected |
| Mozilla | Thunderbird | unspecified < 60.7.2 | affected |
Weaknesses
- Type confusion in Array.pop
ADP Enrichment
CVE Program Container
Additional References
- https://www.mozilla.org/security/advisories/mfsa2019-20/
- https://www.mozilla.org/security/advisories/mfsa2019-18/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1544386
- https://security.gentoo.org/glsa/201908-12
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: no
- Technical Impact: total
Additional References
References
- https://www.mozilla.org/security/advisories/mfsa2019-20/
- https://www.mozilla.org/security/advisories/mfsa2019-18/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1544386
- https://security.gentoo.org/glsa/201908-12
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.