CVE-2019-11707

HIGH8.8⚠ KEVEPSS 84.3%

thunderbird - security update

發布日:2019/7/23修改日:2026/4/28加入 CISA KEV 日:2022/5/23

描述

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.

受影響套件(7)

Alpine/mozjs60from 0, < 60.7.2-r0
Debian/firefox-esrfrom 0, < 60.7.1esr-1
Debian/firefox-esrfrom 0, < 60.7.1esr-1~deb8u1
Debian/firefox-esrfrom 0, < 60.7.1esr-1~deb9u1
Debian/thunderbirdfrom 0, < 1:60.7.2-1~deb8u1
Debian/thunderbirdfrom 0, < 1:60.7.2-1~deb9u1
Debian/thunderbirdfrom 0, < 1:60.7.2-1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

參考連結(2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2019-11707
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2019-11707