First published: Tue Sep 03 2019
Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort it could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.2, and Firefox ESR < 68.2.
Credit: security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/firefox | <0:68.2.0-4.el6_10 | 0:68.2.0-4.el6_10 |
redhat/thunderbird | <0:68.2.0-2.el6_10 | 0:68.2.0-2.el6_10 |
redhat/firefox | <0:68.2.0-1.el7_7 | 0:68.2.0-1.el7_7 |
redhat/thunderbird | <0:68.2.0-1.el7_7 | 0:68.2.0-1.el7_7 |
redhat/firefox | <0:68.2.0-2.el8_0 | 0:68.2.0-2.el8_0 |
redhat/thunderbird | <0:68.2.0-1.el8_0 | 0:68.2.0-1.el8_0 |
redhat/firefox | <68.2 | 68.2 |
redhat/thunderbird | <68.2 | 68.2 |
Mozilla Thunderbird | <68.2 | 68.2 |
Mozilla Firefox ESR | <68.2 | 68.2 |
Mozilla Firefox | <69 | 69 |
Mozilla Firefox | <69.0 | |
Mozilla Firefox ESR | <68.2 | |
Mozilla Thunderbird | <68.2 | |
Canonical Ubuntu Linux | =16.04 | |
debian/firefox-esr | 91.12.0esr-1~deb10u1 115.10.0esr-1~deb10u1 115.7.0esr-1~deb11u1 115.10.0esr-1~deb11u1 115.7.0esr-1~deb12u1 115.10.0esr-1~deb12u1 115.10.0esr-1 | |
debian/thunderbird | 1:91.12.0-1~deb10u1 1:115.10.1-1~deb10u1 1:115.7.0-1~deb11u1 1:115.10.1-1~deb11u1 1:115.7.0-1~deb12u1 1:115.10.1-1~deb12u1 1:115.10.1-1 | |
CVE-2019-11758 is a memory safety bug present in Firefox 68 when 360 Total Security was installed, which could be exploited to run arbitrary code.
CVE-2019-11758 has a severity level of 8.8 (high).
Firefox 68 and Thunderbird 68.2 are affected by CVE-2019-11758.
To fix CVE-2019-11758, update Firefox or Thunderbird to version 68.2 or higher.
You can find more information about CVE-2019-11758 at the following references: [Bugzilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1536227), [Mozilla Security Advisories - MFSA2019-33](https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/), [Mozilla Security Advisories - MFSA2019-35](https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/).