Vulnerability CVE-2023-6212: Information

Description

Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-6212
Published: Nov. 21, 2023
Modified: Nov. 30, 2023
Error type identifier: CWE-787

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
firefoxsisyphus120.0-alt1126.0.1-alt1ALT-PU-2023-7473-2334890Fixed
firefoxsisyphus_riscv64120.0.1-alt0.port126.0-alt0.portALT-PU-2023-7796-1-Fixed
firefoxp11120.0-alt1126.0.1-alt1ALT-PU-2023-7473-2334890Fixed
firefox-esrsisyphus115.6.0-alt1115.11.0-alt1ALT-PU-2023-8216-2336858Fixed
firefox-esrsisyphus_loongarch64115.6.0-alt1115.11.0-alt1ALT-PU-2023-8248-1-Fixed
firefox-esrp10115.6.0-alt1115.11.0-alt1ALT-PU-2023-8227-2336859Fixed
firefox-esrc10f1115.8.0-alt0.c10.1115.9.1-alt0.c10.1ALT-PU-2024-3614-2340631Fixed
firefox-esrp11115.6.0-alt1115.11.0-alt1ALT-PU-2023-8216-2336858Fixed
thunderbirdsisyphus115.6.0-alt1115.9.0-alt1ALT-PU-2023-8368-2337340Fixed
thunderbirdsisyphus_loongarch64115.6.0-alt1115.9.0-alt1ALT-PU-2023-8387-1-Fixed
thunderbirdp10115.8.1-alt1115.9.0-alt1ALT-PU-2024-3860-2342581Fixed
thunderbirdc10f1115.8.1-alt0.c10.1115.9.0-alt0.c10.1ALT-PU-2024-4748-2343092Fixed
thunderbirdp11115.6.0-alt1115.9.0-alt1ALT-PU-2023-8368-2337340Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
Memory safety bugs fixed in Firefox 120, Firefox 115.5, and Thunderbird 115.5.0
  • Broken Link
https://www.mozilla.org/security/advisories/mfsa2023-49/
  • Release Notes
  • Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2023-50/
  • Release Notes
  • Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2023-52/
  • Release Notes
  • Vendor Advisory
https://www.debian.org/security/2023/dsa-5561
  • Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html
  • Mailing List
https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html

      1. Configuration 1

        cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
        End excliding
        115.5
        cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
        End excliding
        120.0
        cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
        End excliding
        115.5.0

        Configuration 2

        cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
        cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
        cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.5.3
    Back to top