CVE-2019-11707 log
| Source |
|
| Severity | Critical |
| Remote | Yes |
| Type | Arbitrary code execution |
| Description | A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop, in Firefox before 67.0.3. This can allow for an exploitable crash. Mozilla has been made aware of targeted attacks in the wild abusing this flaw. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-995 | firefox-developer-edition | 68.0b10-1 | 68.0b11-1 | Critical | Fixed | |
| AVG-994 | firefox | 67.0.2-1 | 67.0.3-1 | Critical | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 19 Jun 2019 | ASA-201906-19 | AVG-995 | firefox-developer-edition | Critical | arbitrary code execution |
| 19 Jun 2019 | ASA-201906-18 | AVG-994 | firefox | Critical | arbitrary code execution |
| References |
|---|
https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/#CVE-2019-11707 https://bugzilla.mozilla.org/show_bug.cgi?id=1544386 |