{
  "threat_severity" : "Important",
  "public_date" : "2019-10-22T00:00:00Z",
  "bugzilla" : {
    "description" : "Mozilla: Potentially exploitable crash due to 360 Total Security",
    "id" : "1764439",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1764439"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-122",
  "details" : [ "Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.2, and Firefox ESR < 68.2.", "A flaw was found in the 360 Total Security code in Firefox and Thunderbird. Memory corruption is possible in the accessibility engine that could lead to an exploit to run arbitrary code. This vulnerability could be exploited over a network connection and would affect confidentiality and integrity of information as well as availability of the system." ],
  "acknowledgement" : "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developers and community as the original reporter.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2019-10-31T00:00:00Z",
    "advisory" : "RHSA-2019:3281",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "firefox-0:68.2.0-4.el6_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2019-11-06T00:00:00Z",
    "advisory" : "RHSA-2019:3756",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "thunderbird-0:68.2.0-2.el6_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2019-10-24T00:00:00Z",
    "advisory" : "RHSA-2019:3193",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "firefox-0:68.2.0-1.el7_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2019-10-29T00:00:00Z",
    "advisory" : "RHSA-2019:3210",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "thunderbird-0:68.2.0-1.el7_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2019-10-24T00:00:00Z",
    "advisory" : "RHSA-2019:3196",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "firefox-0:68.2.0-2.el8_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2019-10-29T00:00:00Z",
    "advisory" : "RHSA-2019:3237",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "thunderbird-0:68.2.0-1.el8_0"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Out of support scope",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Out of support scope",
    "package_name" : "thunderbird",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-11758\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11758\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11758" ],
  "name" : "CVE-2019-11758",
  "csaw" : false
}