CVE-2019-11758

Summary

Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.2, and Firefox ESR < 68.2.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxbefore 69affected
MozillaThunderbirdbefore 68.2affected
MozillaFirefox ESRbefore 68.2affected

Weaknesses

  • Potentially exploitable crash due to 360 Total Security

ADP Enrichment

CVE Program Container

Additional References

References