BROWSER-FIREFOX -- Snort has detected traffic known to exploit vulnerabilities present in the Firefox browser, or products that have the "Gecko" engine (Thunderbird email client, etc.).
BROWSER-FIREFOX Mozilla Firefox Array.prototype.pop type confusion attempt
This event is generated when an attacker attempts to exploit a type confusion in Mozilla Firefox. Impact: Attempted User Privilege Gain Details: This rule checks for attempts to exploit a type confusion in Mozilla Firefox's handling of Array.pop() calls. Ease of Attack:
No information provided
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
CVE-2019-11707A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2. |
|