NVD disclosure day

Published threat advisories for July 23, 2019

CVE advisoryKnown Exploit

CVE-2019-11708

Firefox and Thunderbird Sandbox Escape Vulnerability.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability exists in applications that permits unauthorized code execution. This occurs when parameters are not properly vetted, allowing a compromised process to open web content chosen by an attacker. The business risk is the potential for data compromise and system control.

NVD published: • CISA KEV
CVE advisoryKnown Exploit

CVE-2019-11707

JavaScript Type Confusion in Browsers and Email Clients.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A JavaScript type confusion vulnerability in Mozilla products can lead to exploitable crashes, impacting system stability and data integrity. Targeted attacks are known to exploit this flaw, posing a business risk of unauthorized access. Organizations should apply vendor updates to affected software.

NVD published: • CISA KEV