Vulnerability CVE-2023-6864: Information

Description

Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Published: Dec. 19, 2023
Modified: Feb. 2, 2024
Error type identifier: CWE-787

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| firefox | sisyphus | 121.0-alt1 | 125.0.2-alt1 | ALT-PU-2023-8231-1 | 336902 | Fixed |
| firefox | sisyphus_riscv64 | 121.0-alt0.port | 124.0.1-alt0.port | ALT-PU-2023-8323-1 | - | Fixed |
| firefox | sisyphus_loongarch64 | 121.0-alt1.0.port | 125.0.1-alt1.0.port | ALT-PU-2024-1013-1 | - | Fixed |
| firefox-esr | sisyphus | 115.6.0-alt1 | 115.10.0-alt1 | ALT-PU-2023-8216-2 | 336858 | Fixed |
| firefox-esr | sisyphus_loongarch64 | 115.6.0-alt1 | 115.10.0-alt1 | ALT-PU-2023-8248-1 | - | Fixed |
| firefox-esr | p10 | 115.6.0-alt1 | 115.10.0-alt1 | ALT-PU-2023-8227-2 | 336859 | Fixed |
| firefox-esr | c10f1 | 115.8.0-alt0.c10.1 | 115.9.1-alt0.c10.1 | ALT-PU-2024-3614-2 | 340631 | Fixed |
| thunderbird | sisyphus | 115.6.0-alt1 | 115.9.0-alt1 | ALT-PU-2023-8368-2 | 337340 | Fixed |
| thunderbird | sisyphus_loongarch64 | 115.6.0-alt1 | 115.9.0-alt1 | ALT-PU-2023-8387-1 | - | Fixed |
| thunderbird | p10 | 115.8.1-alt1 | 115.9.0-alt1 | ALT-PU-2024-3860-2 | 342581 | Fixed |
| thunderbird | c10f1 | 115.8.1-alt0.c10.1 | 115.9.0-alt0.c10.1 | ALT-PU-2024-4748-2 | 343092 | Fixed |

References to Advisories, Solutions, and Tools

    1. Configuration 1

      cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
      End excluding
      115.6

      cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
      End excluding
      121.0

      cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
      End excluding
      115.6

      Configuration 2

      cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

      cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

      cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*