CVE-2019-11707

Warnung

EPSS 81.06%
Veröffentlicht 23.07.2019 14:15:15
Zuletzt bearbeitet 03.04.2025 21:03:18
Quelle security@mozilla.org
Teams Watchlist Login
Unerledigt Login

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox SwEditionesr Version < 60.7.1

Mozilla ≫ Firefox Version < 60.7.3

Mozilla ≫ Thunderbird Version < 60.7.2

23.05.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Mozilla Firefox and Thunderbird Type Confusion Vulnerability

Schwachstelle

Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable crash.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	81.06%	0.991

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

https://bugzilla.mozilla.org/show_bug.cgi?id=1544386

Vendor Advisory

Issue Tracking

Permissions Required

https://security.gentoo.org/glsa/201908-12

Third Party Advisory

https://www.mozilla.org/security/advisories/mfsa2019-18/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2019-20/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-11707

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-11707

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-11707

EUVD