Уязвимость повреждения памяти в движке доступности Firefox при установке 360 Total Security
Описание
Сообществом Mozilla выявлена уязвимость безопасности памяти в версии Firefox 68 при установке программы 360 Total Security. Эта уязвимость демонстрирует признаки повреждения памяти в движке доступности (accessibility engine). Предполагается, что злоумышленник способен использовать её для выполнения произвольного кода.
Затронутые версии ПО
- Firefox версий до 69
- Thunderbird версий до 68.2
- Firefox ESR версий до 68.2
Тип уязвимости
- Повреждение памяти
- Выполнение произвольного кода
Ссылки
- ExploitIssue TrackingVendor Advisory
- Third Party Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- ExploitIssue TrackingVendor Advisory
- Third Party Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
Связанные уязвимости
Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.2, and Firefox ESR < 68.2.
Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.2, and Firefox ESR < 68.2.
Mozilla community member Philipp reported a memory safety bug present ...
Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.2, and Firefox ESR < 68.2.
Уязвимость компонента 360 Total Security браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код
EPSS
8.8 High
CVSS3
6.8 Medium
CVSS2