← Volver a CVEs
CVE-2019-11707
HIGHCISA KEV8.8
Descripcion
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.
Detalles CVE
Puntuacion CVSS v3.18.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado7/23/2019
Ultima modificacion10/27/2025
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorMozilla
ProductoFirefox and Thunderbird
Nombre vulnerabilidadMozilla Firefox and Thunderbird Type Confusion Vulnerability
Fecha inclusion KEV2022-05-23
Fecha limite remediacion2022-06-13
Uso en ransomwareUnknown
Productos afectados
mozilla:firefoxmozilla:thunderbird
Debilidades (CWE)
CWE-843CWE-843
Referencias
https://bugzilla.mozilla.org/show_bug.cgi?id=1544386(security@mozilla.org)
https://security.gentoo.org/glsa/201908-12(security@mozilla.org)
https://www.mozilla.org/security/advisories/mfsa2019-18/(security@mozilla.org)
https://www.mozilla.org/security/advisories/mfsa2019-20/(security@mozilla.org)
https://bugzilla.mozilla.org/show_bug.cgi?id=1544386(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201908-12(af854a3a-2127-422b-91ae-364da2661108)
https://www.mozilla.org/security/advisories/mfsa2019-18/(af854a3a-2127-422b-91ae-364da2661108)
https://www.mozilla.org/security/advisories/mfsa2019-20/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-11707(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.