A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in `Array.pop`. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.
External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/#CVE-2019-11707
Acknowledgments:
Name: the Mozilla project
Upstream: Samuel Groß (Google Project Zero), Coinbase Security
Created firefox tracking bugs for this issue: Affects: fedora-all [bug 1721801]
Created thunderbird tracking bugs for this issue: Affects: fedora-all [bug 1722678]
Statement: In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:1603 https://access.redhat.com/errata/RHSA-2019:1603
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:1604 https://access.redhat.com/errata/RHSA-2019:1604
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:1623 https://access.redhat.com/errata/RHSA-2019:1623
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:1624 https://access.redhat.com/errata/RHSA-2019:1624
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:1626 https://access.redhat.com/errata/RHSA-2019:1626
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:1696 https://access.redhat.com/errata/RHSA-2019:1696
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-11707