Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
Mozilla Foundation reports:
CVE-2019-11707: Type confusion in Array.pop
A type confusion vulnerability can occur when manipulating
for an exploitable crash. We are aware of targeted attacks in
the wild abusing this flaw.
CVE-2019-11708: sandbox escape using Prompt:Open
Insufficient vetting of parameters passed with the
Prompt:Open IPC message between child and parent processes can
result in the non-sandboxed parent process opening web content
chosen by a compromised child process. When combined with
additional vulnerabilities this could result in executing
arbitrary code on the user's computer.