CVE-2019-11758
First published: Tue Sep 03 2019(Updated: )
A flaw was found in the 360 Total Security code in Firefox and Thunderbird. Memory corruption is possible in the accessibility engine that could lead to an exploit to run arbitrary code. This vulnerability could be exploited over a network connection and would affect confidentiality and integrity of information as well as availability of the system.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/firefox | <0:68.2.0-4.el6_10 | 0:68.2.0-4.el6_10 |
| redhat/thunderbird | <0:68.2.0-2.el6_10 | 0:68.2.0-2.el6_10 |
| redhat/firefox | <0:68.2.0-1.el7_7 | 0:68.2.0-1.el7_7 |
| redhat/thunderbird | <0:68.2.0-1.el7_7 | 0:68.2.0-1.el7_7 |
| redhat/firefox | <0:68.2.0-2.el8_0 | 0:68.2.0-2.el8_0 |
| redhat/thunderbird | <0:68.2.0-1.el8_0 | 0:68.2.0-1.el8_0 |
| redhat/firefox | <68.2 | 68.2 |
| redhat/thunderbird | <68.2 | 68.2 |
| Mozilla Thunderbird | <68.2 | 68.2 |
| Mozilla Firefox ESR | <68.2 | 68.2 |
| Mozilla Firefox | <69.0 | |
| Mozilla Firefox ESR | <68.2 | |
| Mozilla Thunderbird | <68.2 | |
| Canonical Ubuntu Linux | =16.04 | |
| Mozilla Firefox | <69 | 69 |
| debian/firefox-esr | 115.14.0esr-1~deb11u1 128.5.0esr-1~deb11u1 128.3.1esr-1~deb12u1 128.5.0esr-1~deb12u1 128.5.0esr-1 128.5.1esr-1 | |
| debian/thunderbird | 1:115.12.0-1~deb11u1 1:128.5.0esr-1~deb11u1 1:115.16.0esr-1~deb12u1 1:128.5.0esr-1~deb12u1 1:128.5.0esr-1 1:128.5.2esr-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2019-11758 https://nvd.nist.gov/vuln/detail/CVE-2019-11758 https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11758
- https://bugzilla.redhat.com/show_bug.cgi?id=1764439
- https://access.redhat.com/errata/RHSA-2019:3281
- https://access.redhat.com/errata/RHSA-2019:3756
- https://access.redhat.com/errata/RHSA-2019:3193
- https://access.redhat.com/errata/RHSA-2019:3210
- https://access.redhat.com/errata/RHSA-2019:3196
- https://access.redhat.com/errata/RHSA-2019:3237
- https://access.redhat.com/security/cve/cve-2019-11758
- https://bugzilla.mozilla.org/show_bug.cgi?id=1536227
- https://www.mozilla.org/security/advisories/mfsa2019-25/
- https://www.mozilla.org/security/advisories/mfsa2019-33/
- https://www.mozilla.org/security/advisories/mfsa2019-35/
- https://usn.ubuntu.com/4335-1/
- https://launchpad.net/bugs/cve/CVE-2019-11758
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11758
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11764
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11758
- https://security-tracker.debian.org/tracker/CVE-2019-11758
- https://www.cve.org/CVERecord?id=CVE-2019-11758
- https://nvd.nist.gov/vuln/detail/CVE-2019-11758
- https://ubuntu.com/security/CVE-2019-11758
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2019-15903
- CVE-2019-11757
- CVE-2019-11758
- CVE-2019-11759
- CVE-2019-11760
- CVE-2019-11761
- CVE-2019-11762
- CVE-2019-11763
- CVE-2019-11764
- CVE-2019-11751
- CVE-2019-11746
- CVE-2019-11744
- CVE-2019-11742
- CVE-2019-11736
- CVE-2019-11753
- CVE-2019-11752
- CVE-2019-9812
- CVE-2019-11741
- CVE-2019-11743
- CVE-2019-11748
- CVE-2019-11749
- CVE-2019-5849
- CVE-2019-11750
- CVE-2019-11737
- CVE-2019-11738
- CVE-2019-11747
- CVE-2019-11734
- CVE-2019-11735
- CVE-2019-11740
Frequently Asked Questions
What is CVE-2019-11758?
CVE-2019-11758 is a memory safety bug present in Firefox 68 when 360 Total Security was installed, which could be exploited to run arbitrary code.
What is the severity level of CVE-2019-11758?
CVE-2019-11758 has a severity level of 8.8 (high).
What software is affected by CVE-2019-11758?
Firefox 68 and Thunderbird 68.2 are affected by CVE-2019-11758.
How can I fix CVE-2019-11758?
To fix CVE-2019-11758, update Firefox or Thunderbird to version 68.2 or higher.
Where can I find more information about CVE-2019-11758?
You can find more information about CVE-2019-11758 at the following references: [Bugzilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1536227), [Mozilla Security Advisories - MFSA2019-33](https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/), [Mozilla Security Advisories - MFSA2019-35](https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/).
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/severity
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-11758
- agent/software-canonical-lookup
- collector/mozilla-advisory
- source/Mozilla
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/references
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/tags
- agent/description
- agent/event
- collector/nvd-cve
- source/NVD
- agent/last-modified-date
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/trending
- package-manager/redhat
- vendor/mozilla
- canonical/mozilla thunderbird
- canonical/mozilla firefox esr
- canonical/mozilla firefox
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/16.04
- package-manager/debian