Vulnerability CVE-2023-29550: Information

Description

Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-29550
Published: June 2, 2023
Modified: Nov. 7, 2023

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
firefoxsisyphus112.0-alt1125.0.2-alt1ALT-PU-2023-1621-1318409Fixed
firefoxsisyphus_riscv64112.0.1-alt0.1.rv64124.0.1-alt0.portALT-PU-2023-3246-1-Fixed
firefoxp10112.0.2-alt0.p10.1118.0.2-alt0.p10.1ALT-PU-2023-1817-1319679Fixed
firefoxc10f1112.0.2-alt0.p10.1112.0.2-alt0.p10.1ALT-PU-2023-5202-3327804Fixed
firefox-esrsisyphus102.10.0-alt1115.10.0-alt1ALT-PU-2023-1649-1318816Fixed
firefox-esrp10102.10.0-alt1115.10.0-alt1ALT-PU-2023-1797-1319671Fixed
firefox-esrp9102.11.0-alt0.c9.1102.11.0-alt0.c9.1ALT-PU-2023-4365-2324721Fixed
firefox-esrc10f1115.8.0-alt0.c10.1115.9.1-alt0.c10.1ALT-PU-2024-3614-2340631Fixed
firefox-esrc9f2102.10.0-alt0.c9.1102.12.0-alt0.c9.1ALT-PU-2023-1758-1319753Fixed
thunderbirdsisyphus102.10.0-alt1115.9.0-alt1ALT-PU-2023-1648-1318817Fixed
thunderbirdp10102.10.0-alt1115.9.0-alt1ALT-PU-2023-1783-1319782Fixed
thunderbirdp9102.11.0-alt0.c9.1102.11.0-alt0.c9.1ALT-PU-2023-4366-2324721Fixed
thunderbirdc10f1102.10.0-alt1115.9.0-alt0.c10.1ALT-PU-2023-1783-1319782Fixed
thunderbirdc9f2102.10.0-alt0.c9.1102.11.0-alt0.c9.1ALT-PU-2023-1765-1319783Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.mozilla.org/security/advisories/mfsa2023-14/
  • Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2023-13/
  • Vendor Advisory
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1720594%2C1812498%2C1814217%2C1818357%2C1751945%2C1818762%2C1819493%2C1820389%2C1820602%2C1821448%2C1822413%2C1824828
  • Issue Tracking
  • Not Applicable
https://www.mozilla.org/security/advisories/mfsa2023-15/
  • Vendor Advisory

    1. Configuration 1

      cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
      End excliding
      102.10
      cpe:2.3:a:mozilla:focus:*:*:*:*:*:android:*:*
      End excliding
      112.0
      cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
      End excliding
      102.10
      cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*
      End excliding
      112.0
      cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
      End excliding
      112.0
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.4.2
Back to top