Vulnerability CVE-2023-6873: Information

Description

Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 121.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-6873
Published: Dec. 19, 2023
Modified: Feb. 2, 2024
Error type identifier: CWE-787

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
firefoxsisyphus121.0-alt1127.0-alt1ALT-PU-2023-8231-1336902Fixed
firefoxsisyphus_riscv64121.0-alt0.port126.0-alt0.portALT-PU-2023-8323-1-Fixed
firefoxsisyphus_loongarch64121.0-alt1.0.port126.0-alt1.0.portALT-PU-2024-1013-1-Fixed
firefoxp11121.0-alt1126.0.1-alt1ALT-PU-2023-8231-1336902Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
Memory safety bugs fixed in Firefox 121
  • Broken Link
  • Issue Tracking
https://www.mozilla.org/security/advisories/mfsa2023-56/
  • Vendor Advisory
https://www.debian.org/security/2023/dsa-5582
  • Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html
  • Mailing List
  • Third Party Advisory
https://security.gentoo.org/glsa/202401-10
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
      End excliding
      121.0

      Configuration 2

      cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
      cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
      cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top