Описание
Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.2, and Firefox ESR < 68.2.
A flaw was found in the 360 Total Security code in Firefox and Thunderbird. Memory corruption is possible in the accessibility engine that could lead to an exploit to run arbitrary code. This vulnerability could be exploited over a network connection and would affect confidentiality and integrity of information as well as availability of the system.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | firefox | Out of support scope | ||
| Red Hat Enterprise Linux 5 | thunderbird | Out of support scope | ||
| Red Hat Enterprise Linux 6 | firefox | Fixed | RHSA-2019:3281 | 31.10.2019 |
| Red Hat Enterprise Linux 6 | thunderbird | Fixed | RHSA-2019:3756 | 06.11.2019 |
| Red Hat Enterprise Linux 7 | firefox | Fixed | RHSA-2019:3193 | 24.10.2019 |
| Red Hat Enterprise Linux 7 | thunderbird | Fixed | RHSA-2019:3210 | 29.10.2019 |
| Red Hat Enterprise Linux 8 | firefox | Fixed | RHSA-2019:3196 | 24.10.2019 |
| Red Hat Enterprise Linux 8 | thunderbird | Fixed | RHSA-2019:3237 | 29.10.2019 |
Показывать по
Дополнительная информация
Статус:
8.8 High
CVSS3
Связанные уязвимости
Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.2, and Firefox ESR < 68.2.
Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.2, and Firefox ESR < 68.2.
Mozilla community member Philipp reported a memory safety bug present ...
Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.2, and Firefox ESR < 68.2.
Уязвимость компонента 360 Total Security браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код
8.8 High
CVSS3