Vulnerability Details : CVE-2019-11707
Public exploit exists!
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.
Products affected by CVE-2019-11707
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
CVE-2019-11707 is in the CISA Known Exploited Vulnerabilities Catalog
- CISA vulnerability name: Mozilla Firefox and Thunderbird Type Confusion Vulnerability
- CISA required action: Apply updates per vendor instructions.
- CISA description: Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable crash.
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-11707
- Added on: 2022-05-23
- Action due date: 2022-06-13
Exploit prediction scoring system (EPSS) score for CVE-2019-11707
- 68.64%: probability of exploitation activity in the next 30 days
- ~ 98 %: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-11707
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-02-07 |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2019-11707
- The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2019-11707
- https://www.mozilla.org/security/advisories/mfsa2019-18/
  Security vulnerabilities fixed in Firefox 67.0.3 and Firefox ESR 60.7.1 — Mozilla (Vendor Advisory)
- https://bugzilla.mozilla.org/show_bug.cgi?id=1544386
  Access Denied (Issue Tracking; Permissions Required; Vendor Advisory)
- https://www.mozilla.org/security/advisories/mfsa2019-20/
  Security vulnerabilities fixed in Thunderbird 60.7.2 — Mozilla (Vendor Advisory)
- https://security.gentoo.org/glsa/201908-12
  Mozilla Firefox: Multiple vulnerabilities (GLSA 201908-12) — Gentoo security (Third Party Advisory)