What is CVE-2019-11707?

CVE-2019-11707 is a vulnerability in Mozilla Firefox. Published 2019-07-23.

Is CVE-2019-11707 known to be exploited?

Yes. CVE-2019-11707 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2022-05-23), indicating it is being actively exploited. 30 public proof-of-concept repositories are indexed.

Vulnerability in Mozilla Firefox

CVE-2019-11707

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects F…

EPSS: 0.843 (99.3th percentile) — read the EPSS interpretation.

Affected products

Mozilla Firefox — versions unspecified
Mozilla Firefox Esr — versions unspecified
Mozilla Thunderbird — versions unspecified

CISA KEV (Known Exploited Vulnerabilities)

This CVE is on the CISA KEV catalog, added on 2022-05-23. CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.

BOD 22-01 due date: 2022-06-13.

Required action: Apply updates per vendor instructions.

Public proof-of-concept exploits

References

www.mozilla.org/security/advisories/mfsa2019-20/ (x_refsource_MISC)
www.mozilla.org/security/advisories/mfsa2019-18/ (x_refsource_MISC)
bugzilla.mozilla.org/show_bug.cgi (x_refsource_MISC)
GLSA-201908-12 (vendor-advisory, x_refsource_GENTOO)

Frequently asked questions

What is CVE-2019-11707?: CVE-2019-11707 is a vulnerability in Mozilla Firefox. Published 2019-07-23.
Is CVE-2019-11707 known to be exploited?: Yes. CVE-2019-11707 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2022-05-23), indicating it is being actively exploited. 30 public proof-of-concept repositories are indexed.