What is CVE-2019-11707?

CVE-2019-11707 is a type confusion vulnerability in Mozilla Firefox and Thunderbird that allows for an exploitable crash.

Which software versions are affected by CVE-2019-11707?

CVE-2019-11707 affects Firefox ESR versions prior to 60.7.1, Firefox versions prior to 67.0.3, and Thunderbird versions prior to 60.7.2.

What is the severity of CVE-2019-11707?

CVE-2019-11707 has a severity rating of 8.8 (Critical).

How can I fix CVE-2019-11707?

To fix CVE-2019-11707, update your Firefox ESR version to 60.7.1 or later, update your Firefox version to 67.0.3 or later, and update your Thunderbird version to 60.7.2 or later.

Where can I find more information about CVE-2019-11707?

You can find more information about CVE-2019-11707 on the Mozilla website at https://www.mozilla.org/en-US/security/advisories/mfsa2019-20/ and https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/ as well as on the Bugzilla page at https://bugzilla.mozilla.org/show_bug.cgi?id=1544386.

Vulnerability/
CVE-2019-11707

Exploited

high

8.8

CWE

843

18/6/2019

23/7/2019

4/8/2024

CVE-2019-11707: Mozilla Firefox and Thunderbird Type Confusion Vulnerability

First published: Tue Jun 18 2019(Updated: )

Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable crash.

Credit: security@mozilla.org security@mozilla.org

Affected Software	Affected Version	How to fix
Mozilla Thunderbird	<60.7.2	60.7.2
Mozilla Firefox	<67.0.3	67.0.3
Mozilla Firefox ESR	<60.7.1	60.7.1
Mozilla Firefox	<60.7.3
Mozilla Firefox ESR	<60.7.1
Mozilla Thunderbird	<60.7.2
Mozilla Firefox and Thunderbird
	<60.7.3
	<60.7.1
	<60.7.2

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is CVE-2019-11707?
CVE-2019-11707 is a type confusion vulnerability in Mozilla Firefox and Thunderbird that allows for an exploitable crash.
Which software versions are affected by CVE-2019-11707?
CVE-2019-11707 affects Firefox ESR versions prior to 60.7.1, Firefox versions prior to 67.0.3, and Thunderbird versions prior to 60.7.2.
What is the severity of CVE-2019-11707?
CVE-2019-11707 has a severity rating of 8.8 (Critical).
How can I fix CVE-2019-11707?
To fix CVE-2019-11707, update your Firefox ESR version to 60.7.1 or later, update your Firefox version to 67.0.3 or later, and update your Thunderbird version to 60.7.2 or later.
Where can I find more information about CVE-2019-11707?
You can find more information about CVE-2019-11707 on the Mozilla website at https://www.mozilla.org/en-US/security/advisories/mfsa2019-20/ and https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/ as well as on the Bugzilla page at https://bugzilla.mozilla.org/show_bug.cgi?id=1544386.

collector/mozilla-advisory
agent/type
agent/first-publish-date
agent/severity
agent/title
agent/weakness
agent/author
agent/description
source/Mozilla
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
collector/mitre-cve
source/MITRE
agent/last-modified-date
exploited/true
collector/cisa-known-exploited
source/CISA
agent/references
agent/softwarecombine
agent/event
agent/tags
collector/nvd-cve
source/NVD
vendor/mozilla
canonical/mozilla thunderbird
canonical/mozilla firefox
canonical/mozilla firefox esr
canonical/mozilla firefox and thunderbird