Vulnerability CVE-2023-25746: Information

Description

Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.8 and Firefox ESR < 102.8.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-25746

Published: June 2, 2023

Modified: Nov. 7, 2023

Error type identifier: CWE-787

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
firefox	sisyphus	103.0-alt1	126.0.1-alt1	ALT-PU-2022-2306-1	304397	Fixed
firefox	p10	105.0.1-alt0.p10.1	118.0.2-alt0.p10.1	ALT-PU-2022-2930-1	307737	Fixed
firefox	p9	105.0.1-alt0.c9.1	105.0.1-alt0.c9.1	ALT-PU-2023-4339-1	319683	Fixed
firefox	c10f1	105.0.1-alt0.p10.1	112.0.2-alt0.p10.1	ALT-PU-2022-2930-1	307737	Fixed
firefox	c9f2	105.0.1-alt0.c9.1	105.0.1-alt0.c9.1	ALT-PU-2023-1139-1	309126	Fixed
firefox	p11	103.0-alt1	126.0.1-alt1	ALT-PU-2022-2306-1	304397	Fixed
firefox-esr	sisyphus	102.8.0-alt1	115.11.0-alt1	ALT-PU-2023-1386-1	316235	Fixed
firefox-esr	p10	102.8.0-alt1	115.11.0-alt1	ALT-PU-2023-1435-1	316239	Fixed
firefox-esr	p9	102.11.0-alt0.c9.1	102.11.0-alt0.c9.1	ALT-PU-2023-4365-2	324721	Fixed
firefox-esr	c10f1	102.8.0-alt1	115.9.1-alt0.c10.1	ALT-PU-2023-1435-1	316239	Fixed
firefox-esr	c9f2	102.10.0-alt0.c9.1	102.12.0-alt0.c9.1	ALT-PU-2023-1758-1	319753	Fixed
firefox-esr	p11	102.8.0-alt1	115.11.0-alt1	ALT-PU-2023-1386-1	316235	Fixed
thunderbird	sisyphus	102.8.0-alt1	115.9.0-alt1	ALT-PU-2023-1374-1	316076	Fixed
thunderbird	p10	102.8.0-alt1	115.9.0-alt1	ALT-PU-2023-1411-1	316084	Fixed
thunderbird	p9	102.11.0-alt0.c9.1	102.11.0-alt0.c9.1	ALT-PU-2023-4366-2	324721	Fixed
thunderbird	c10f1	102.8.0-alt1	115.9.0-alt0.c10.1	ALT-PU-2023-1411-1	316084	Fixed
thunderbird	c9f2	102.10.0-alt0.c9.1	102.11.0-alt0.c9.1	ALT-PU-2023-1765-1	319783	Fixed
thunderbird	p11	102.8.0-alt1	115.9.0-alt1	ALT-PU-2023-1374-1	316076	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1544127%2C1762368	Broken Link Issue Tracking Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2023-07/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2023-06/	Vendor Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
  End excliding
  102.8
  cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
  End excliding
  102.8

Version: v24.5.3

Vulnerability CVE-2023-25746: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1