CVE-2019-11707
CVSS v3.1
8.8 (High)
CVSS v2.0
7.5 (High)
EPSS
80.86 % (98th)
Affected Products
3
Advisories
36
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.
Weaknesses
- CWE-843
- Access of Resource Using Incompatible Type ('Type Confusion')
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2019-07-23 14:15:15
(5 years ago) - Updated Date
-
2023-01-31 14:15:10
(19 months ago)
Mozilla Firefox and Thunderbird Type Confusion Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
- Description
- Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable crash.
- Required Action
- Apply updates per vendor instructions.
- Known to be Used in Ransomware Campaigns
- Unknown
- Notes
- https://nvd.nist.gov/vuln/detail/CVE-2019-11707
- Vendor
- Mozilla
- Product
- Firefox and Thunderbird
- In CISA Catalog from
-
2022-05-23
(2 years ago) - Due Date
-
2022-06-13
(2 years ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...