Vulnerability Description
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 60.7.1 |
| Mozilla | Thunderbird | < 60.7.2 |
Related Weaknesses (CWE)
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1544386Issue TrackingPermissions RequiredVendor Advisory
- https://security.gentoo.org/glsa/201908-12Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2019-18/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2019-20/Vendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1544386Issue TrackingPermissions RequiredVendor Advisory
- https://security.gentoo.org/glsa/201908-12Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2019-18/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2019-20/Vendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-US Government Resource
FAQ
What is CVE-2019-11707?
CVE-2019-11707 is a vulnerability with a CVSS score of 8.8 (HIGH). A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing ...
How severe is CVE-2019-11707?
CVE-2019-11707 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-11707?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Thunderbird.