FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Mozilla -- multiple vulnerabilities

Affected packages
thunderbird < thunderbird-60.7.2


VuXML ID 49beb00f-a6e1-4a42-93df-9cb14b4c2bee
Discovery 2019-06-20
Entry 2019-06-21

Mozilla Foundation reports:

CVE-2019-11707: Type confusion in Array.pop

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.

CVE-2019-11708: sandbox escape using Prompt:Open

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer.


CVE Name CVE-2019-11707
CVE Name CVE-2019-11708