CVE-2019-11707
| CVE Published | 2019-07-23 |
|---|---|
| Related CWE(s) | CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') |
| Related Vendor(s) | mozilla |
| Related Product(s) | thunderbird, firefox, firefox_esr |
| Exploitation Reported (CISA KEV) | 2022-05-23 |
| CVSS 3 Base Score | 8.8 (HIGH) |
| CVSS 3 Attack Complexity | LOW |
| CVSS 3 Attack Vector | NETWORK |
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.
Cyber Threat Graph Context
Explore how this CVE relates to the wider threat graph