CVE-2019-11758

Priority
Description
Mozilla community member Philipp reported a memory safety bug present in
Firefox 68 when 360 Total Security was installed. This bug showed evidence
of memory corruption in the accessibility engine and we presume that with
enough effort that it could be exploited to run arbitrary code. This
vulnerability affects Firefox < 69, Thunderbird < 68.2, and Firefox ESR <
68.2.
Assigned-to
chrisccoulson
Notes
tyhicksmozjs contains a copy of the SpiderMonkey JavaScript engine
sbeattieonly occurs when 360 Total Security, a windows virsu scanner, is installed.
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (windows only)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (windows only)
Ubuntu 19.10 (Eoan Ermine):not-affected (windows only)
Ubuntu 20.04 (Focal Fossa):not-affected (windows only)
More Information

Updated: 2020-03-18 22:53:53 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)