Unrated severityCISA KEVNVD Advisory· Published Jul 23, 2019· Updated Oct 21, 2025
CVE-2019-11707
CVE-2019-11707
Description
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
34< 60.7.1+ 3 more
- (no CPE)range: < 60.7.1
- (no CPE)range: < 67.0.3
- (no CPE)range: unspecified
- (no CPE)range: unspecified
< 60.7.2+ 1 more
- (no CPE)range: < 60.7.2
- (no CPE)range: unspecified
- osv-coords28 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweedpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP1pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Package%20Hub%2012
< 128.5.1-1.1+ 27 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 60.7.2-lp150.3.59.1
- (no CPE)range: < 92.0-1.2
- (no CPE)range: < 60.7.2-lp151.2.7.1
- (no CPE)range: < 60.7.2-lp151.2.7.1
- (no CPE)range: < 91.1.1-1.1
- (no CPE)range: < 60.7.1-109.77.1
- (no CPE)range: < 60.7.1-109.77.1
- (no CPE)range: < 60.7.1-109.77.1
- (no CPE)range: < 60.7.1-3.45.1
- (no CPE)range: < 60.7.1-3.45.1
- (no CPE)range: < 60.8.0esr-78.43.2
- (no CPE)range: < 60.7.1-109.77.1
- (no CPE)range: < 60.7.1-109.77.1
- (no CPE)range: < 60.7.1-109.77.1
- (no CPE)range: < 60.7.1-109.77.1
- (no CPE)range: < 60.7.1-109.77.1
- (no CPE)range: < 60.7.1-109.77.1
- (no CPE)range: < 60.7.1-109.77.1
- (no CPE)range: < 60.7.1-109.77.1
- (no CPE)range: < 60.7.1-109.77.1
- (no CPE)range: < 60.7.1-109.77.1
- (no CPE)range: < 60.7.1-109.77.1
- (no CPE)range: < 60.7.1-109.77.1
- (no CPE)range: < 60.7.1-109.77.1
- (no CPE)range: < 60.7.2-3.43.1
- (no CPE)range: < 60.7.2-3.43.1
- (no CPE)range: < 60.7.2-85.1
Patches
Vulnerability mechanics
References
4- security.gentoo.org/glsa/201908-12mitrevendor-advisoryx_refsource_GENTOO
- bugzilla.mozilla.org/show_bug.cgimitrex_refsource_MISC
- www.mozilla.org/security/advisories/mfsa2019-18/mitrex_refsource_MISC
- www.mozilla.org/security/advisories/mfsa2019-20/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.