HTTP: Mozilla Firefox CVE-2019-11707 Type Confustion

This signature detects attempts to exploit a known vulnerability against Mozilla Firefox. Successful exploitation of this vulnerability could result in arbitrary command execution on the target system.

Extended Description

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.

Affected Products

Mozilla thunderbird

Short Name
HTTP:STC:MOZILLA:CVE-2019-11707
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2019-11707 Confustion Firefox Mozilla Type
Release Date
08/29/2019
Supported Platforms

srx-branch-19.3

vsrx3bsd-19.2

srx-19.4

vsrx3bsd-19.4

srx-branch-19.4

vsrx-19.4

vsrx-19.2

srx-19.3

srx-branch-12.3

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx-12.3

vmx-19.3

srx-12.3

Sigpack Version
3796
False Positive
Occasionally
Vendors

Mozilla

CVSS Score

7.5

Found a potential security threat?