Exploit for #VU18860 Permissions, Privileges, and Access Controls in Firefox ESR and Mozilla Firefox

Vulnerability identifier: #VU18860

Vulnerability risk: High

CVSSv4.0: 7.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2019-11708

CWE-ID: CWE-264

Exploitation vector: Network

Exploits in database: 3

• May 13, 2022
  • Mozilla Firefox 67 - Array.pop JIT Type Confusion [Exploit-DB]
• June 17, 2021
  • Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack [Exploit-DB]
• March 18, 2020
  • CVE-2019-11708 (Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit.) [Github]

Vulnerable software:
Firefox ESR
Client/Desktop applications / Web browsers
Mozilla Firefox
Client/Desktop applications / Web browsers

Vendor: Mozilla