CVE-2019-11758
First published: Tue Sep 03 2019(Updated: )
Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.2, and Firefox ESR < 68.2.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/firefox | <0:68.2.0-4.el6_10 | 0:68.2.0-4.el6_10 |
| redhat/thunderbird | <0:68.2.0-2.el6_10 | 0:68.2.0-2.el6_10 |
| redhat/firefox | <0:68.2.0-1.el7_7 | 0:68.2.0-1.el7_7 |
| redhat/thunderbird | <0:68.2.0-1.el7_7 | 0:68.2.0-1.el7_7 |
| redhat/firefox | <0:68.2.0-2.el8_0 | 0:68.2.0-2.el8_0 |
| redhat/thunderbird | <0:68.2.0-1.el8_0 | 0:68.2.0-1.el8_0 |
| redhat/firefox | <68.2 | 68.2 |
| redhat/thunderbird | <68.2 | 68.2 |
| Mozilla Thunderbird | <68.2 | 68.2 |
| Mozilla Firefox ESR | <68.2 | 68.2 |
| Mozilla Firefox | <69 | 69 |
| Mozilla Firefox | <69.0 | |
| Mozilla Firefox ESR | <68.2 | |
| Mozilla Thunderbird | <68.2 | |
| Canonical Ubuntu Linux | =16.04 | |
| debian/firefox-esr | 91.12.0esr-1~deb10u1 115.10.0esr-1~deb10u1 115.7.0esr-1~deb11u1 115.10.0esr-1~deb11u1 115.7.0esr-1~deb12u1 115.10.0esr-1~deb12u1 115.10.0esr-1 | |
| debian/thunderbird | 1:91.12.0-1~deb10u1 1:115.10.1-1~deb10u1 1:115.7.0-1~deb11u1 1:115.10.1-1~deb11u1 1:115.7.0-1~deb12u1 1:115.10.1-1~deb12u1 1:115.10.1-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2019-11758 https://nvd.nist.gov/vuln/detail/CVE-2019-11758 https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11758
- https://bugzilla.redhat.com/show_bug.cgi?id=1764439
- https://access.redhat.com/errata/RHSA-2019:3281
- https://access.redhat.com/errata/RHSA-2019:3756
- https://access.redhat.com/errata/RHSA-2019:3193
- https://access.redhat.com/errata/RHSA-2019:3210
- https://access.redhat.com/errata/RHSA-2019:3196
- https://access.redhat.com/errata/RHSA-2019:3237
- https://access.redhat.com/security/cve/cve-2019-11758
- https://bugzilla.mozilla.org/show_bug.cgi?id=1536227
- https://www.mozilla.org/security/advisories/mfsa2019-25/
- https://www.mozilla.org/security/advisories/mfsa2019-33/
- https://www.mozilla.org/security/advisories/mfsa2019-35/
- https://usn.ubuntu.com/4335-1/
- https://launchpad.net/bugs/cve/CVE-2019-11758
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11758
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11764
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11758
- https://security-tracker.debian.org/tracker/CVE-2019-11758
- https://www.cve.org/CVERecord?id=CVE-2019-11758
- https://nvd.nist.gov/vuln/detail/CVE-2019-11758
- https://ubuntu.com/security/CVE-2019-11758
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2019-15903
- CVE-2019-11757
- CVE-2019-11758
- CVE-2019-11759
- CVE-2019-11760
- CVE-2019-11761
- CVE-2019-11762
- CVE-2019-11763
- CVE-2019-11764
- CVE-2019-11751
- CVE-2019-11746
- CVE-2019-11744
- CVE-2019-11742
- CVE-2019-11736
- CVE-2019-11753
- CVE-2019-11752
- CVE-2019-9812
- CVE-2019-11741
- CVE-2019-11743
- CVE-2019-11748
- CVE-2019-11749
- CVE-2019-5849
- CVE-2019-11750
- CVE-2019-11737
- CVE-2019-11738
- CVE-2019-11747
- CVE-2019-11734
- CVE-2019-11735
- CVE-2019-11740
Frequently Asked Questions
What is CVE-2019-11758?
CVE-2019-11758 is a memory safety bug present in Firefox 68 when 360 Total Security was installed, which could be exploited to run arbitrary code.
What is the severity level of CVE-2019-11758?
CVE-2019-11758 has a severity level of 8.8 (high).
What software is affected by CVE-2019-11758?
Firefox 68 and Thunderbird 68.2 are affected by CVE-2019-11758.
How can I fix CVE-2019-11758?
To fix CVE-2019-11758, update Firefox or Thunderbird to version 68.2 or higher.
Where can I find more information about CVE-2019-11758?
You can find more information about CVE-2019-11758 at the following references: [Bugzilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1536227), [Mozilla Security Advisories - MFSA2019-33](https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/), [Mozilla Security Advisories - MFSA2019-35](https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/).
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-11758
- agent/software-canonical-lookup
- collector/mozilla-advisory
- source/Mozilla
- agent/software-canonical-lookup-request
- agent/references
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- package-manager/redhat
- vendor/mozilla
- canonical/mozilla thunderbird
- canonical/mozilla firefox esr
- canonical/mozilla firefox
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/16.04
- package-manager/debian