Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-11707

Опубликовано: 23 июл. 2019
Источник: ubuntu
Приоритет: high
EPSS Высокий
CVSS2: 7.5
CVSS3: 8.8

Описание

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.

РелизСтатусПримечание
bionic

released

67.0.3+build1-0ubuntu0.18.04.1
cosmic

released

67.0.3+build1-0ubuntu0.18.10.1
devel

released

67.0.3+build1-0ubuntu1
disco

released

67.0.3+build1-0ubuntu0.19.04.1
eoan

released

67.0.3+build1-0ubuntu1
esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

released

67.0.3+build1-0ubuntu1
groovy

released

67.0.3+build1-0ubuntu1
hirsute

released

67.0.3+build1-0ubuntu1

Показывать по

РелизСтатусПримечание
bionic

not-affected

PoC does not cause crash
cosmic

DNE

devel

DNE

disco

DNE

eoan

DNE

esm-apps/bionic

not-affected

PoC does not cause crash
esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needed
cosmic

ignored

end of life
devel

DNE

disco

ignored

end of life
eoan

ignored

end of life
esm-apps/focal

ignored

esm-infra-legacy/trusty

DNE

esm-infra/bionic

ignored

focal

ignored

groovy

ignored

end of life

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

ignored

end of life
devel

DNE

disco

ignored

end of life
eoan

ignored

end of life
esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

Показывать по

РелизСтатусПримечание
bionic

released

1:60.7.2+build1-0ubuntu0.18.04.1
cosmic

released

1:60.7.2+build1-0ubuntu0.18.10.1
devel

released

1:60.7.2+build1-0ubuntu1
disco

released

1:60.7.2+build1-0ubuntu0.19.04.1
eoan

released

1:60.7.2+build1-0ubuntu1
esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

released

1:60.7.2+build1-0ubuntu1
groovy

released

1:60.7.2+build1-0ubuntu1
hirsute

released

1:60.7.2+build1-0ubuntu1

Показывать по

Ссылки на источники

EPSS

Процентиль: 99%
0.84214
Высокий

7.5 High

CVSS2

8.8 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2019-11707

CVSS3: 8.8
redhat
около 6 лет назад

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.

nvd логотип

CVE-2019-11707

CVSS3: 8.8
nvd
почти 6 лет назад

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.

debian логотип

CVE-2019-11707

CVSS3: 8.8
debian
почти 6 лет назад

A type confusion vulnerability can occur when manipulating JavaScript ...

suse-cvrf логотип

openSUSE-SU-2019:1593-1

suse-cvrf
около 6 лет назад

Security update for MozillaFirefox

suse-cvrf логотип

SUSE-SU-2019:1629-1

suse-cvrf
около 6 лет назад

Security update for MozillaFirefox

EPSS

Процентиль: 99%
0.84214
Высокий

7.5 High

CVSS2

8.8 High

CVSS3