SECURITY ALERTS

A Vulnerability (CVE-2019-11707) in Mozilla Firefox Could Allow for Arbitrary Code Execution

DESCRIPTION:

Firefox contains a type confusion vulnerability (CVE-2019-11707). This vulnerability is due to issues in Array.pop, which may cause a crash when manipulating JavaScript objects. Successful exploitation of this vulnerability could allow for arbitrary code execution through an exploitable crash.

 

AFFECTED RELEASES:

Firefox versions prior to 67.0.3

Firefox ESR versions prior to 60.7.1

 

SOLUTION:

1. Please confirm the current version by clicking the "Firefox Menu button" at the top right corner of the browser window, then click "Help" and select "About Firefox." The About Firefox window will appear. The version number is listed underneath the Firefox name.

2. For the update, please follow the steps below:

(1) Click the "Firefox Menu button," click "Help" and then select "About Firefox." Firefox will begin checking for updates and downloading them automatically.

(2) When the download is complete, click the "Restart" option to restart Firefox and complete the update. 
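
To check many machines instead of one, the comparison against the versions under AFFECTED RELEASES can be scripted. The following is an added example, not part of the original advisory: it assumes each version string has the form printed by `firefox --version`, and the host names and sample strings are constructed.

```python
import re

# Fixed versions taken from the AFFECTED RELEASES section of this advisory.
FIXED_RELEASE = (67, 0, 3)
FIXED_ESR = (60, 7, 1)

# Assumed input: the line printed by `firefox --version`, for example
# "Mozilla Firefox 67.0.2" or "Mozilla Firefox 60.7.0esr".
_VERSION_RE = re.compile(r"(?<![\w.])(\d+)\.(\d+)(?:\.(\d+))?(esr)?(?![\w.])")


def parse_version(text):
    """Return ((major, minor, patch), is_esr), or None if unparseable."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    major, minor, patch, esr = match.groups()
    return (int(major), int(minor), int(patch or 0)), esr is not None


def is_affected(text):
    """True if the version is prior to the fixed version for its channel.

    Returns None for strings that cannot be parsed (pre-release builds,
    empty output) so they are sent for manual review instead of passing.
    """
    parsed = parse_version(text)
    if parsed is None:
        return None
    version, is_esr = parsed
    return version < (FIXED_ESR if is_esr else FIXED_RELEASE)


def audit(inventory):
    """Map each host to 'affected', 'ok' or 'review'."""
    labels = {True: "affected", False: "ok", None: "review"}
    return {host: labels[is_affected(text)] for host, text in inventory.items()}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "ws-01": "Mozilla Firefox 67.0.2",
    "ws-02": "Mozilla Firefox 67.0.3",
    "ws-03": "Mozilla Firefox 60.7.0esr",
    "ws-04": "Mozilla Firefox 60.7.1esr",
    "ws-05": "Mozilla Firefox 68.0b5",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(host, status)
```

Hosts reported as "review" carry a version string the script could not classify and should be checked by hand using step 1.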

 

REFERENCE:

1. https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/

2. https://thehackernews.com/2019/06/mozilla-firefox-patch-update.html

3. https://www.tenable.com/blog/cve-2019-11707-critical-type-confusion-zero-day-in-mozilla-firefox-exploited-in-the-wild

4. https://www.jpcert.or.jp/at/2019/at190027.html

 
