CVE-2019-11758

CVE-2019-11758

Name

CVE-2019-11758

Description

Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.2, and Firefox ESR < 68.2.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Vendor Advisory	https://www.mozilla.org/security/advisories/mfsa2019-35/
Permissions Required	https://bugzilla.mozilla.org/show_bug.cgi?id=1536227
Vendor Advisory	https://www.mozilla.org/security/advisories/mfsa2019-33/
Vendor Advisory	https://www.mozilla.org/security/advisories/mfsa2019-25/
UBUNTU	https://usn.ubuntu.com/4335-1/

Type

URI

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2019-35/

Permissions Required

https://bugzilla.mozilla.org/show_bug.cgi?id=1536227

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2019-33/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2019-25/

UBUNTU

https://usn.ubuntu.com/4335-1/

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:mozilla:firefox::::::::`	firefox	>= None	< 69.0
`cpe:2.3:a:mozilla:firefox_esr::::::::`	firefox_esr	>= None	< 68.2
`cpe:2.3:a:mozilla:thunderbird::::::::`	thunderbird	>= None	< 68.2

CPE URI

Source package

Min version

Max version

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

firefox

>= None

< 69.0

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

firefox_esr

>= None

< 68.2

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

thunderbird

>= None

< 68.2

References

Match rules

Vulnerable and fixed packages