CVE-2019-11707

Name
CVE-2019-11707
Description
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.
NVD Severity
high
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Vendor Advisory https://www.mozilla.org/security/advisories/mfsa2019-20/
Vendor Advisory https://www.mozilla.org/security/advisories/mfsa2019-18/
Issue Tracking https://bugzilla.mozilla.org/show_bug.cgi?id=1544386
GENTOO https://security.gentoo.org/glsa/201908-12

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* thunderbird >= None < 60.7.2
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* firefox >= None < 60.7.3
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* firefox_esr >= None < 60.7.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status