Errata ALT-PU-2023-1985-1: Information
Fixes
Published: May 9, 2023
BDU:2023-02803
Уязвимость браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, вызванная выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код
Severity: MEDIUM (6.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Links:
Published: May 9, 2023
BDU:2023-02804
Уязвимость браузеров Firefox и Firefox ESR, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю выполнить спуфинговую атаку
Severity: MEDIUM (6.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Links:
Published: May 9, 2023
BDU:2023-02805
Уязвимость функции FileReader::DoReadData() браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код в целевой системе
Severity: MEDIUM (6.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Links:
Published: May 9, 2023
BDU:2023-02806
Уязвимость браузеров Firefox и Firefox ESR, связанная с ошибками смешения типов данных, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Links:
Published: May 9, 2023
BDU:2023-02809
Уязвимость браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю выполнить спуфинговую атаку
Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Links:
Published: May 9, 2023
BDU:2023-02810
Уязвимость браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, существующая из-за некорректной работы обработчиков ms-cxh и ms-cxh-ful, позволяющая нарушителю вызвать аварийное завершение работы приложения
Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Links:
Published: May 9, 2023
BDU:2023-02813
Уязвимость драйвера RLBox Expat браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать аварийное завершение работы приложения
Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Links:
Published: May 9, 2023
BDU:2023-02814
Уязвимость браузеров Firefox и Firefox ESR, существующая из-за отсутствия задержки всплывающих уведомлений, позволяющая нарушителю получить несанкционированный доступ к определенным функциям браузера
Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Links:
Published: June 2, 2023
Modified: Jan. 7, 2024
Modified: Jan. 7, 2024
CVE-2023-32205
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Links:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1753341
- https://bugzilla.mozilla.org/show_bug.cgi?id=1753339
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- GLSA-202312-03
- GLSA-202401-10
Published: June 2, 2023
Modified: Jan. 7, 2024
Modified: Jan. 7, 2024
CVE-2023-32206
An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: June 2, 2023
Modified: Jan. 7, 2024
Modified: Jan. 7, 2024
CVE-2023-32207
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: June 2, 2023
Modified: Jan. 7, 2024
Modified: Jan. 7, 2024
CVE-2023-32211
A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: June 2, 2023
Modified: Jan. 7, 2024
Modified: Jan. 7, 2024
CVE-2023-32212
An attacker could have positioned a <code>datalist</code> element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Links:
Published: June 2, 2023
Modified: Jan. 7, 2024
Modified: Jan. 7, 2024
CVE-2023-32213
When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: June 19, 2023
Modified: Jan. 7, 2024
Modified: Jan. 7, 2024
CVE-2023-32214
Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1828716
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://security.gentoo.org/glsa/202312-03
- https://security.gentoo.org/glsa/202401-10
Published: June 2, 2023
Modified: Jan. 7, 2024
Modified: Jan. 7, 2024
CVE-2023-32215
Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1540883%2C1751943%2C1814856%2C1820210%2C1821480%2C1827019%2C1827024%2C1827144%2C1827359%2C1830186
- GLSA-202312-03
- GLSA-202401-10