CVE-2019-11707

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 60.7.1, Firefox 67.0.3, and Thunderbird 60.7.2...

CVE-2019-11707

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 60.7.1, Firefox 67.0.3, and Thunderbird 60.7.2...

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: Type confusion in Array.pop. CVE-2019-11707 Sandbox escape using Prompt:Open. CVE-2019-11708...

Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20190627)

Security Fixes : - Mozilla: Type confusion in Array.pop CVE-2019-11707 - thunderbird: Stack buffer overflow in icalrecuraddbydayrules in icalrecur.c CVE-2019-11705 - Mozilla: Sandbox escape using Prompt:Open CVE-2019-11708 - thunderbird: Heap buffer over read in icalparser.c parsergetnextchar...

CentOS Update for firefox CESA-2019:1603 centos7

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Scientific Linux Security Update : firefox on SL7.x x86_64 (20190626)

Security Fixes : - Mozilla: Type confusion in Array.pop CVE-2019-11707 - Mozilla: Sandbox escape using Prompt:Open CVE-2019-11708 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include"compat.inc"; if description scriptid126434; scriptversion"1.11";...

Denial Of Service (DoS)

firefox/thunderbird is vulnerable to denial of service. A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw...

Mozilla Firefox Type Confusion (CVE-2019-11707)

A type confusion vulnerability exists in Mozilla Firefox. The vulnerability is due to lack of verification when handling Array.pop. Successful exploitation of this vulnerability could result in a crash...

Mozilla Spidermonkey - IonMonkey Array.prototype.pop Type Confusion

Mozilla Spidermonkey - IonMonkey Array.prototype.pop Type Confusion The following program found through fuzzing and manually modified crashes Spidermonkey built from the current beta channel and Firefox 66.0.3 current stable: // Run with --no-threads for increased reliability const v4 = a: 0, a: ...

FreeBSD : Mozilla -- multiple vulnerabilities (49beb00f-a6e1-4a42-93df-9cb14b4c2bee)

Mozilla Foundation reports : CVE-2019-11707: Type confusion in Array.pop A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. CVE-2019-1170...

openSUSE Security Update : MozillaFirefox (openSUSE-2019-1593)

This update for MozillaFirefox fixes the following issues : Mozilla Firefox 60.7.1esr was released to address MFSA 2019-18 boo1138614 - CVE-2019-11707: Fixed a type confusion in Array.pop %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2019:1593-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2019:1629-1)

This update for MozillaFirefox to version 60.7.1 fixes the following issues : Security issue fixed : CVE-2019-11707: Fixed a type confusion vulnerability in Arrary.pop bsc1138614 Other issues addressed: Added the new Mozilla's GPG key expiring on 2021-05-29 to the mozilla.keyring file Fixed broke...

Security update for MozillaFirefox (important)

openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2019:1593-1 Rating: important References: 1138614 Cross-References: CVE-2019-11707 Affected Products: openSUSE Leap 42.3 openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Descriptio...

Updated firefox packages fix security vulnerability

The updated firefox packages fix a security vulnerability that's being exploited in the wild: Type confusion in Array.pop. CVE-2019-11707...

MGASA-2019-0198 Updated firefox packages fix security vulnerability

The updated firefox packages fix a security vulnerability that's being exploited in the wild: Type confusion in Array.pop. CVE-2019-11707...

Fedora 29 : firefox (2019-9d9ad2999e)

New upstream version 67.0.3 - Fixed CVE-2019-11707: Type confusion in Array.pop ---- - New upstream version 67.0.2 - Release notes are available at https://www.mozilla.org/en-US/firefox/67.0.2/releasenote s/ Note that Tenable Network Security has extracted the preceding description block directly...

Security vulnerabilities fixed in Thunderbird 60.7.2 — Mozilla

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. Insufficient vetting of parameters passed with the Prompt:Open IPC message between chi...

Mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2019-11707: Type confusion in Array.pop A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. CVE-2019-11708...

Fedora 30 : firefox (2019-2cac67b3bc)

New upstream version 67.0.3 - Fixed CVE-2019-11707: Type confusion in Array.pop Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...