CVE-2019-11707
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-11707
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11707.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-11707
- Related
- Published
- 2019-07-23T14:15:15Z
- Modified
- 2024-09-18T03:04:03.935945Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.
- References
-
- https://bugzilla.mozilla.org/show_bug.cgi?id=1544386
- https://security.gentoo.org/glsa/201908-12
- https://www.mozilla.org/security/advisories/mfsa2019-18/
- https://www.mozilla.org/security/advisories/mfsa2019-20/
- https://security.alpinelinux.org/vuln/CVE-2019-11707
- https://security-tracker.debian.org/tracker/CVE-2019-11707
Affected packages
Alpine:v3.10 / mozjs60
Package
- Name
- mozjs60
- Purl
- pkg:apk/alpine/mozjs60?arch=source
Alpine:v3.11 / mozjs60
Package
- Name
- mozjs60
- Purl
- pkg:apk/alpine/mozjs60?arch=source
Alpine:v3.12 / mozjs60
Package
- Name
- mozjs60
- Purl
- pkg:apk/alpine/mozjs60?arch=source
Debian:11 / firefox-esr
Package
- Name
- firefox-esr
- Purl
- pkg:deb/debian/firefox-esr?arch=source
Debian:12 / firefox-esr
Package
- Name
- firefox-esr
- Purl
- pkg:deb/debian/firefox-esr?arch=source
Debian:13 / firefox-esr
Package
- Name
- firefox-esr
- Purl
- pkg:deb/debian/firefox-esr?arch=source
Debian:11 / thunderbird
Package
- Name
- thunderbird
- Purl
- pkg:deb/debian/thunderbird?arch=source
Debian:12 / thunderbird
Package
- Name
- thunderbird
- Purl
- pkg:deb/debian/thunderbird?arch=source
Debian:13 / thunderbird
Package
- Name
- thunderbird
- Purl
- pkg:deb/debian/thunderbird?arch=source