|
|
|||
| Rule General Information |
|---|
| Release Date: | 2019-10-10 | |
| Rule Name: | Mozilla Firefox Spidermonkey IonMonkey Array.prototype.pop Type Confusion Vulnerability (CVE-2019-11707) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2. | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows, Others | |
| Reference: | https://bugzilla.mozilla.org/show_bug.cgi?id=1544386 https://security.gentoo.org/glsa/201908-12 https://www.mozilla.org/security/advisories/mfsa2019-18/ https://www.mozilla.org/security/advisories/mfsa2019-20/ |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/ |