CVE-2019-11758
Summary
| CVE | CVE-2019-11758 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2020-01-08 20:15:00 UTC |
|---|
| Updated | 2022-04-22 19:01:00 UTC |
|---|
| Description | Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.2, and Firefox ESR < 68.2. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Access Denied |
CONFIRM |
bugzilla.mozilla.org |
Permissions Required |
| Security vulnerabilities fixed in - Thunderbird 68.2 — Mozilla |
CONFIRM |
www.mozilla.org |
Vendor Advisory |
| Security vulnerabilities fixed in Firefox 69 — Mozilla |
CONFIRM |
www.mozilla.org |
Vendor Advisory |
| USN-4335-1: Thunderbird vulnerabilities | Ubuntu security notices |
UBUNTU |
usn.ubuntu.com |
|
| Security vulnerabilities fixed in - Firefox ESR 68.2 — Mozilla |
CONFIRM |
www.mozilla.org |
Vendor Advisory |
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 296079 Oracle Solaris 11.4 Support Repository Update (SRU) 15.5.0 Missing (CPUOCT2019)
- 500923 Alpine Linux Security Update for firefox-esr
