CVE-2019-11707

HIGH

Description

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1544386

https://security.gentoo.org/glsa/201908-12

https://www.mozilla.org/security/advisories/mfsa2019-18/

https://www.mozilla.org/security/advisories/mfsa2019-20/

Details

Source: MITRE

Published: 2019-07-23

Updated: 2020-08-24

Type: CWE-843

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

View all (57 total)

ID | Name | Product | Family | Severity
150682 | SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2019:14124-1) | Nessus | SuSE Local Security Checks | critical
145685 | CentOS 8 : firefox (CESA-2019:1696) | Nessus | CentOS Local Security Checks | critical
145575 | CentOS 8 : thunderbird (CESA-2019:1623) | Nessus | CentOS Local Security Checks | critical
134411 | NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2020-0017) | Nessus | NewStart CGSL Local Security Checks | critical
134410 | NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0022) | Nessus | NewStart CGSL Local Security Checks | critical
128698 | NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0178) | Nessus | NewStart CGSL Local Security Checks | critical
128691 | NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2019-0175) | Nessus | NewStart CGSL Local Security Checks | critical
127961 | GLSA-201908-12 : Mozilla Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical
127596 | Oracle Linux 8 : firefox (ELSA-2019-1696) | Nessus | Oracle Linux Local Security Checks | critical
127595 | Oracle Linux 8 : thunderbird (ELSA-2019-1623) | Nessus | Oracle Linux Local Security Checks | critical
127448 | NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0164) | Nessus | NewStart CGSL Local Security Checks | critical
127447 | NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0163) | Nessus | NewStart CGSL Local Security Checks | critical
127442 | NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0161) | Nessus | NewStart CGSL Local Security Checks | critical
127441 | NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0160) | Nessus | NewStart CGSL Local Security Checks | critical
126962 | Amazon Linux 2 : thunderbird (ALAS-2019-1250) | Nessus | Amazon Linux Local Security Checks | critical
126558 | RHEL 8 : firefox (RHSA-2019:1696) | Nessus | Red Hat Local Security Checks | critical
126465 | Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : thunderbird vulnerabilities (USN-4045-1) | Nessus | Ubuntu Local Security Checks | critical
126435 | Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20190627) | Nessus | Scientific Linux Local Security Checks | critical
126434 | Scientific Linux Security Update : firefox on SL7.x x86_64 (20190626) | Nessus | Scientific Linux Local Security Checks | critical
126389 | CentOS 7 : thunderbird (CESA-2019:1626) | Nessus | CentOS Local Security Checks | critical
126388 | CentOS 6 : thunderbird (CESA-2019:1624) | Nessus | CentOS Local Security Checks | critical
126386 | CentOS 6 : firefox (CESA-2019:1604) | Nessus | CentOS Local Security Checks | critical
126385 | CentOS 7 : firefox (CESA-2019:1603) | Nessus | CentOS Local Security Checks | critical
126366 | Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20190627) | Nessus | Scientific Linux Local Security Checks | critical
126321 | RHEL 7 : thunderbird (RHSA-2019:1626) | Nessus | Red Hat Local Security Checks | critical
126320 | RHEL 6 : thunderbird (RHSA-2019:1624) | Nessus | Red Hat Local Security Checks | critical
126319 | RHEL 8 : thunderbird (RHSA-2019:1623) | Nessus | Red Hat Local Security Checks | critical
126318 | Oracle Linux 7 : thunderbird (ELSA-2019-1626) | Nessus | Oracle Linux Local Security Checks | critical
126317 | Oracle Linux 6 : thunderbird (ELSA-2019-1624) | Nessus | Oracle Linux Local Security Checks | critical
126303 | Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20190626) | Nessus | Scientific Linux Local Security Checks | critical
126300 | Oracle Linux 6 : firefox (ELSA-2019-1604) | Nessus | Oracle Linux Local Security Checks | critical
126252 | RHEL 6 : firefox (RHSA-2019:1604) | Nessus | Red Hat Local Security Checks | critical
126251 | RHEL 7 : firefox (RHSA-2019:1603) | Nessus | Red Hat Local Security Checks | critical
126249 | Oracle Linux 7 : firefox (ELSA-2019-1603) | Nessus | Oracle Linux Local Security Checks | critical
126247 | Debian DLA-1836-1 : thunderbird security update | Nessus | Debian Local Security Checks | critical
126231 | openSUSE Security Update : MozillaThunderbird (openSUSE-2019-1606) | Nessus | SuSE Local Security Checks | critical
126224 | Debian DSA-4471-1 : thunderbird - security update | Nessus | Debian Local Security Checks | critical
126218 | Mozilla Thunderbird < 60.7.2 | Nessus | Windows | critical
126217 | Mozilla Thunderbird < 60.7.2 | Nessus | MacOS X Local Security Checks | critical
126164 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2019:1629-1) | Nessus | SuSE Local Security Checks | high
126147 | openSUSE Security Update : MozillaThunderbird (openSUSE-2019-1594) | Nessus | SuSE Local Security Checks | critical
126146 | openSUSE Security Update : MozillaFirefox (openSUSE-2019-1593) | Nessus | SuSE Local Security Checks | high
126137 | FreeBSD : Mozilla -- multiple vulnerabilities (49beb00f-a6e1-4a42-93df-9cb14b4c2bee) | Nessus | FreeBSD Local Security Checks | critical
126133 | Fedora 30 : gjs / mozjs60 (2019-c2ff49ef73) | Nessus | Fedora Local Security Checks | critical
126094 | Slackware 14.2 / current : mozilla-thunderbird (SSA:2019-172-02) | Nessus | Slackware Local Security Checks | high
126080 | Fedora 29 : firefox (2019-9d9ad2999e) | Nessus | Fedora Local Security Checks | high
126078 | Debian DLA-1829-1 : firefox-esr security update | Nessus | Debian Local Security Checks | high
126055 | Fedora 30 : firefox (2019-2cac67b3bc) | Nessus | Fedora Local Security Checks | high
126032 | Slackware 14.2 / current : mozilla-firefox (SSA:2019-169-02) | Nessus | Slackware Local Security Checks | high
126019 | FreeBSD : mozilla -- multiple vulnerabilities (0cea6e0a-7a39-4dac-b3ec-dbc13d404f76) | Nessus | FreeBSD Local Security Checks | high
126012 | Debian DSA-4466-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | high
700741 | Mozilla Firefox ESR < 60.7.1 Security Vulnerability | Nessus Network Monitor | Web Clients | medium
700740 | Mozilla Firefox < 67.0.3 Security Vulnerability | Nessus Network Monitor | Web Clients | medium
126002 | Mozilla Firefox < 67.0.3 | Nessus | Windows | high
126001 | Mozilla Firefox ESR < 60.7.1 | Nessus | Windows | high
126000 | Mozilla Firefox < 67.0.3 | Nessus | MacOS X Local Security Checks | high
125999 | Mozilla Firefox ESR < 60.7.1 | Nessus | MacOS X Local Security Checks | high