vulnerability

FreeBSD: (Multiple Advisories) (CVE-2019-11707): Mozilla -- multiple vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Jun 18, 2019	Jun 19, 2019	May 24, 2022

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Jun 18, 2019

Added

Jun 19, 2019

Modified

May 24, 2022

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-49BEB00F-A6E1-4A42-93DF-9CB14B4C2BEE:

Mozilla Foundation reports:

CVE-2019-11707: Type confusion in Array.pop

A type confusion vulnerability can occur when manipulating

JavaScript objects due to issues in Array.pop. This can allow

for an exploitable crash. We are aware of targeted attacks in

the wild abusing this flaw.

CVE-2019-11708: sandbox escape using Prompt:Open

Insufficient vetting of parameters passed with the

Prompt:Open IPC message between child and parent processes can

result in the non-sandboxed parent process opening web content

chosen by a compromised child process. When combined with

additional vulnerabilities this could result in executing

arbitrary code on the user's computer.

Solutions

freebsd-upgrade-package-firefoxfreebsd-upgrade-package-firefox-esrfreebsd-upgrade-package-thunderbirdfreebsd-upgrade-package-waterfox

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today