Unrated severityCISA KEVNVD Advisory· Published Jul 23, 2019· Updated Oct 21, 2025

CVE-2019-11707

Description

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.

Affected products

Mozilla Corporation/Firefoxv5
Range: unspecified
Mozilla Corporation/Thunderbirdv5
Range: unspecified
Mozilla/Firefox ESRv5
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.gentoo.org/glsa/201908-12mitrevendor-advisoryx_refsource_GENTOO
bugzilla.mozilla.org/show_bug.cgimitrex_refsource_MISC
www.mozilla.org/security/advisories/mfsa2019-18/mitrex_refsource_MISC
www.mozilla.org/security/advisories/mfsa2019-20/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.067
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000