Aller au contenu
Appaloosa Scout
HIGH 8.8 KEV

CVE-2019-11707

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.

CVSS v3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA Known Exploited Vulnerability

Ajouté au KEV
2022-05-23
Deadline remédiation
2022-06-13
Action requise
Apply updates per vendor instructions.
Ransomware
Non

Apps mobiles affectées

Firefox : Navigateur privé
Android
org.mozilla.firefox
1 CVE 1 KEV
Firefox: Navigateur Internet
iOS
org.mozilla.ios.Firefox
1 CVE 1 KEV

Configurations CPE vulnérables

Vendor Produit Plateforme Versions CPE 2.3 URI
mozilla firefox Android <60.7.1 cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
mozilla firefox iOS <60.7.1 cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
mozilla firefox Android <67.0.3 cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
mozilla firefox iOS <67.0.3 cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
Voir sur NVD ↗ Catalogue CISA KEV ↗