CVE-2019-11707 vulnerability found in Firefox browser, according to some reports allowing an attacker using JavaScript to remotely execute arbitrary code. Mozilla says the vulnerability is already being exploited by attackers.
The problem lies in the implementation of the Array.pop method. Details not yet disclosed.
The vulnerability has been fixed in Firefox 67.0.3 and Firefox ESR 60.7.1. Based on this, it is safe to say that all versions of Firefox 60.x are vulnerable (it is likely that earlier ones too; if we are talking about Array.prototype.pop(), then it has been implemented since the very first version of Firefox) .
Source: linux.org.ru