Vulnerability CVE-2023-32215: Information

Description

Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-32215
Published: June 2, 2023
Modified: Jan. 7, 2024
Error type identifier: CWE-787

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
firefoxsisyphus113.0-alt1126.0.1-alt1ALT-PU-2023-1773-1320152Fixed
firefoxsisyphus_riscv64113.0-alt0.1.rv64126.0-alt0.portALT-PU-2023-3505-1-Fixed
firefoxp10118.0.2-alt0.p10.1118.0.2-alt0.p10.1ALT-PU-2024-4241-4342418Fixed
firefoxp11113.0-alt1126.0-alt2ALT-PU-2023-1773-1320152Fixed
firefox-esrsisyphus102.11.0-alt1115.11.0-alt1ALT-PU-2023-1811-1320575Fixed
firefox-esrp10102.11.0-alt1115.11.0-alt1ALT-PU-2023-1872-1320576Fixed
firefox-esrp9102.11.0-alt0.c9.1102.11.0-alt0.c9.1ALT-PU-2023-4365-2324721Fixed
firefox-esrc10f1102.11.0-alt1115.9.1-alt0.c10.1ALT-PU-2023-1901-1322016Fixed
firefox-esrc9f2102.11.0-alt0.c9.1102.12.0-alt0.c9.1ALT-PU-2023-1985-1322487Fixed
firefox-esrp11102.11.0-alt1115.11.0-alt1ALT-PU-2023-1811-1320575Fixed
thunderbirdsisyphus102.11.0-alt1115.9.0-alt1ALT-PU-2023-1822-1321097Fixed
thunderbirdp10102.11.0-alt1115.9.0-alt1ALT-PU-2023-1895-1321098Fixed
thunderbirdp9102.11.0-alt0.c9.1102.11.0-alt0.c9.1ALT-PU-2023-4366-2324721Fixed
thunderbirdc10f1102.11.0-alt1115.9.0-alt0.c10.1ALT-PU-2023-1900-1322018Fixed
thunderbirdc9f2102.11.0-alt0.c9.1102.11.0-alt0.c9.1ALT-PU-2023-1984-1322486Fixed
thunderbirdp11102.11.0-alt1115.9.0-alt1ALT-PU-2023-1822-1321097Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.mozilla.org/security/advisories/mfsa2023-16/
  • Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2023-18/
  • Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2023-17/
  • Vendor Advisory
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1540883%2C1751943%2C1814856%2C1820210%2C1821480%2C1827019%2C1827024%2C1827144%2C1827359%2C1830186
  • Issue Tracking
  • Not Applicable
  • Vendor Advisory
GLSA-202312-03
    GLSA-202401-10

        1. Configuration 1

          cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
          End excliding
          113.0
          cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
          End excliding
          102.11
          cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
          End excliding
          102.11
      VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
      Version: v24.5.3
      Back to top