A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.

Related CVEs

CVE-2019-11707

Key Information

GHSA ID

GHSA-8ffr-q7j8-h445

Published

May 24, 2022 4:50 PM

Last Modified

February 7, 2025 3:32 PM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: June 12, 2025 6:24 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.