Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11740
Acknowledgments: Name: the Mozilla project Upstream: Tyson Smith, Nathan Froyd
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:2663 https://access.redhat.com/errata/RHSA-2019:2663
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-11740
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:2694 https://access.redhat.com/errata/RHSA-2019:2694
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2729 https://access.redhat.com/errata/RHSA-2019:2729
Statement: In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it may present a risk in browser-like contexts.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:2774 https://access.redhat.com/errata/RHSA-2019:2774
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2773 https://access.redhat.com/errata/RHSA-2019:2773
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:2807 https://access.redhat.com/errata/RHSA-2019:2807