CVE-2019-11707

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-11707

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11707.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-11707

Downstream

ALPINE-CVE-2019-11707

DEBIAN-CVE-2019-11707

DLA-1829-1

DLA-1836-1

DSA-4466-1

DSA-4471-1

RHSA-2019:1603

RHSA-2019:1604

RHSA-2019:1623

RHSA-2019:1624

RHSA-2019:1626

RHSA-2019:1696

SUSE-RU-2019:1625-1

SUSE-SU-2019:14124-1

SUSE-SU-2019:1629-1

SUSE-SU-2019:1683-1

UBUNTU-CVE-2019-11707

USN-4020-1

USN-4045-1

openSUSE-SU-2019:1593-1

openSUSE-SU-2019:1606-1

openSUSE-SU-2019:1664-1

openSUSE-SU-2024:10600-1

openSUSE-SU-2024:10601-1

openSUSE-SU-2024:14572-1

Related

Published

2019-07-23T14:15:15Z

Modified

2025-08-09T19:01:26Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.

References

Affected packages