CVE-2019-11707

Published: 23/07/2019 Updated: 24/08/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 757
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

A type confusion bug exists in Firefox. If a user were tricked into opening a specially crafted website, an attacker could exploit this to cause a denial of service or execute arbitrary code.

Vendor Advisories

Synopsis: Critical: firefox security update. Type/Severity: Security Advisory: Critical. Topic: An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, wh ...
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
Samuel Gross discovered a type confusion bug in the JavaScript engine of the Mozilla Firefox web browser, which could result in the execution of arbitrary code when browsing a malicious website. For the stable distribution (stretch), this problem has been fixed in version 60.7.1esr-1~deb9u1. We recommend that you upgrade your firefox-esr packages ...
Security vulnerabilities fixed in Firefox 67.0.3 and Firefox ESR 60.7.1. Announced: June 18, 2019. Impact: critical. Products: Firefox, Firefox ESR. Fixed in: Firefox 67.0.3 ...
Several security issues were fixed in Thunderbird ...
Synopsis: Important: thunderbird security update. Type/Severity: Security Advisory: Important. Topic: An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) bas ...
Multiple security issues have been found in Thunderbird which may lead to the execution of arbitrary code if malformed email messages are read. For the stable distribution (stretch), these problems have been fixed in version 1:60.7.2-1~deb9u1. We recommend that you upgrade your thunderbird packages. For the detailed security status of thunderbird p ...
Synopsis: Important: thunderbird security update. Type/Severity: Security Advisory: Important. Topic: An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis: Important: thunderbird security update. Type/Severity: Security Advisory: Important. Topic: An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) bas ...
Arch Linux Security Advisory ASA-201906-18. Severity: Critical. Date: 2019-06-19. CVE-ID: CVE-2019-11707. Package: firefox. Type: arbitrary code execution. Remote: Yes. Link: security.archlinux.org/AVG-994. Summary: The package firefox b ...
Arch Linux Security Advisory ASA-201906-19. Severity: Critical. Date: 2019-06-19. CVE-ID: CVE-2019-11707. Package: firefox-developer-edition. Type: arbitrary code execution. Remote: Yes. Link: security.archlinux.org/AVG-995. Summary: The package firefox-developer-edition before v ...
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop, in Firefox before 67.0.3. This can allow for an exploitable crash. Mozilla has been made aware of targeted attacks in the wild abusing this flaw ...
There is a security vulnerability in versions of Mozilla Firefox that are shipped with versions 1510 to 15211 of IBM SONAS ...
Oracle Linux Bulletin - July 2019. Description: The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Pa ...
libical: Heap buffer over read in icalparser.c parser_get_next_char (CVE-2019-11703); libical: Type confusion in icaltimezone_get_vtimezone_properties function in icalproperty.c (CVE-2019-11706); Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708); libical: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c (CVE-2019-11705); li ...

Exploits

The following program (found through fuzzing and manually modified) crashes Spidermonkey built from the current beta channel and Firefox 66.0.3 (current stable): // Run with --no-threads for increased reliability const v4 = [{a: 0}, {a: 1}, {a: 2}, {a: 3}, {a: 4}]; function v7(v8,v9) { if (v4.length == 0) { v4[3] = ...

Mailing Lists

Spidermonkey IonMonkey incorrectly predicts return type of Array.prototype.pop, leading to type confusion vulnerabilities ...
[slackware-security] mozilla-thunderbird (SSA:2019-172-02). New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/mozilla-thunderbird-60.7.2-i686-1_ ...
Debian Security Advisory DSA-4471-1, security@debian.org, www.debian.org/security/, Moritz Muehlenhoff, June 24, 2019, www.debian.org/security/faq ...

Github Repositories

Exploit code for CVE-2019-11707 on Firefox 66.0.3 running on Ubuntu

Exploit code for CVE-2019-11707. Full write-up can be found here

BROWSER EXPLOITATION MATERIALS #Basics v8 engine docs #Write Ups attacking javascript engines Browser Exploitation CVE-2019-11707

https://bugs.chromium.org/p/project-zero/issues/detail?id=1820

SpiderMonkey - CVE-2019-11707. Bug: bugs.chromium.org/p/project-zero/issues/detail?id=1820. Screenshots. Files: exploit.js - Actual exploit, prepended by saelo's util.js & Int64.js; stager.js - Used for creating constants, prepended by saelo's util.js & Int64.js; stager.py - Used to assemble instructions using keystone. Output is fed to stagerj

An updated collection of resources targeting browser-exploitation.

Browser-Pwn. The world of Browsers is dominated by 4 major players: Chromium/Chrome (Blink-Engine), Firefox (Gecko-Engine), Safari (WebKit-Engine), Edge (Blink-Engine (former EdgeHTML-Engine)). The following is split into two parts: Information that helps to understand their architecture and implementation and how to build them from sources. Information that helps finding their cal

a list of web browser vulnerabilities

web-browser-vulnerabilities Steps for building old versions of Firefox: Steps for building old versions of Chrome: Firefox vulnerabilities This is a list of vulnerabilities that is reproducible in old versions of Firefox CVE ID Version Type Exploited? Link CVE-2017-7784 560 UAF CVE-2017-7828 560 UAF CVE-2018-5093 570 heap buffer overflow CVE-2018-5094 5

A JavaScript Engine Fuzzer

Fuzzilli. A (coverage-)guided fuzzer for dynamic language interpreters based on a custom intermediate language ("FuzzIL") which can be mutated and translated to JavaScript. Written and maintained by Samuel Groß, saelo@google.com. Usage: The basic steps to use this fuzzer are: Download the source code for one of the supported JavaScript engines. See the Targets/ d

PoC in GitHub. 2020. CVE-2020-0014: It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-1286745

PoC auto collect from GitHub.

PoC in GitHub. 2020. CVE-2020-0022: In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Andr

Recent Articles

IT threat evolution Q2 2019. Statistics
Securelist • Victor Chebyshev, Fedor Sinitsyn, Denis Parinov, Boris Larin, Oleg Kupreev, Evgeny Lopatin • 19 Aug 2019

These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data.
According to Kaspersky Security Network,
Q2 2019 will be remembered for several events.
First, we uncovered a large-scale financial threat by the name of Riltok, which targeted clients of not only major Russian banks, but some foreign ones too.
Second, we detected the new Trojan.AndroidOS.MobOk malware, tasked with stealing money from mobil...

Mozilla Fixes Second Actively-Exploited Firefox Flaw
Threatpost • Lindsey O'Donnell • 21 Jun 2019

Mozilla has fixed a high-severity vulnerability in its Firefox browser being actively exploited in the wild.
The vulnerability (CVE-2019-11709) is separate from a critical flaw under active attack that was patched earlier this week (CVE-2019-11707). However, both vulnerabilities were discovered by Coinbase Security, who said that the flaws were being used in active spear phishing attacks targeting Coinbase employees.
The high-severity sandbox-escape flaw stems from insufficient vetti...

Digi-dosh exchange Coinbase: Someone tried to pwn our staff via this week's Firefox zero-day security hole
The Register • Shaun Nichols in San Francisco • 20 Jun 2019

Patch released after crypto-currency biz sounded alarm

The development and release of a critical Firefox security patch this week was, in part, triggered by an attempted cyber-heist of crypto-coin exchange Coinbase.
Coinbase chief information security officer Philip Martin said on Wednesday night the digital-dosh trading site was one of the prime targets of hackers, who tried to exploit a zero-day vulnerability, CVE-2019-11707, a JavaScript type-confusion flaw in Firefox, to execute malicious code on Coinbase staff machines.
Coinbase, al...

Tor Browser Issues Update for Critical System Takeover Flaw
Threatpost • Tara Seals • 20 Jun 2019

Tor Browser has updated to version 8.5.2, to address a critical security flaw in Mozilla’s Firefox browser that is under active exploit in the wild.
The critical flaw (CVE-2019-11707) is a type confusion vulnerability in the Array.pop, which is an array method that is used in JavaScript objects in Firefox. The vulnerability, which was disclosed and patched earlier this week, enables cybercriminals to take full control of systems running the vulnerable Firefox versions.
The issue af...

Firefox 0-day Used in Targeted Attacks Against Cryptocurrency Firms
BleepingComputer • Lawrence Abrams • 20 Jun 2019

The employees of Coinbase and other cryptocurrency firms were the target of an attack utilizing a recent Firefox zero-day and malware payloads in order to gain access to victims' computers, networks, and sensitive information.
This past week, Mozilla released an emergency Firefox update to fix a critical remote execution vulnerability that was actively used in targeted attacks in the wild. This bug was given a CVE ID of CVE-2019-11707 and was stated to have been reported by both Google P...

Awoogah! Awoogah! Firefox fans urged to update and patch zero-day hole exploited in the wild by miscreants
The Register • Shaun Nichols in San Francisco • 18 Jun 2019

Just make sure you're running the latest version

Mozilla has released an emergency critical update for Firefox to squash a zero-day vulnerability that is under active attack.
The Firefox 67.0.3 and ESR 60.7.1 builds include a patch for CVE-2019-11707. The vulnerability is a type confusion bug in the way Firefox handles JavaScript objects in Array.pop. By manipulating the object in the array, malicious JavaScript on a webpage could get the ability to remotely execute code without any user interaction.
This is a bad thing.
What...

Mozilla Firefox 72.0.1 Patches Actively Exploited Zero-Day
BleepingComputer • Sergiu Gatlan

Mozilla released Firefox 72.0.1 and Firefox ESR 68.4.1 to patch a critical and actively exploited severity vulnerability that could potentially allow attackers to execute code or trigger crashes on machines running vulnerable Firefox versions.
As Mozilla's security advisory says, the Firefox developers are "aware of targeted attacks in the wild abusing this flaw" which could make it possible for attackers who successfully exploit it to abuse affected systems.
The Firefox and Fire...

Mozilla Firefox 67.0.3 Patches Actively Exploited Zero-Day
BleepingComputer • Sergiu Gatlan

Mozilla released Firefox 67.0.3 and Firefox ESR 60.7.1 to patch an actively exploited and critical severity vulnerability which could allow attackers to remotely execute arbitrary code on machines running vulnerable Firefox versions.
As Mozilla's security advisory says, the Firefox developers are "aware of targeted attacks in the wild abusing this flaw" which could allow attackers who exploit this vulnerability to take control of affected systems.
The Firefox and Firefox ESR zero-d...