CISA KEV 정보
| 취약점명 | Mozilla Firefox and Thunderbird Type Confusion Vulnerability |
|---|---|
| 설명 | Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable crash. |
| 조치사항 | Apply updates per vendor instructions. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-843 |
| 등록일 (KEV) | 2022-05-23 |
| 조치 기한 | 2022-06-13 |
| 추가 참고 | https://nvd.nist.gov/vuln/detail/CVE-2019-11707 |
NVD 상세 정보
CVSS v3.1: 8.8 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVSS v2.0: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P설명: A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.
CWE: CWE-843 | CWE-843
참조
- https://bugzilla.mozilla.org/show_bug.cgi?id=1544386 [Issue Tracking, Permissions Required, Vendor Advisory]
- https://security.gentoo.org/glsa/201908-12 [Third Party Advisory]
- https://www.mozilla.org/security/advisories/mfsa2019-18/ [Vendor Advisory]
- https://www.mozilla.org/security/advisories/mfsa2019-20/ [Vendor Advisory]
- https://bugzilla.mozilla.org/show_bug.cgi?id=1544386 [Issue Tracking, Permissions Required, Vendor Advisory]
- https://security.gentoo.org/glsa/201908-12 [Third Party Advisory]
- https://www.mozilla.org/security/advisories/mfsa2019-18/ [Vendor Advisory]
- https://www.mozilla.org/security/advisories/mfsa2019-20/ [Vendor Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-11707 [US Government Resource]
This product uses the NVD API but is not endorsed or certified by the NVD.