Vulnerability CVE-2023-34416: Information

Description

Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-34416
Published: June 19, 2023
Modified: Jan. 7, 2024
Error type identifier: CWE-787

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
firefoxsisyphus114.0.1-alt1126.0.1-alt1ALT-PU-2023-1974-1322807Fixed
firefoxsisyphus_riscv64114.0.1-alt0.1.rv64126.0-alt0.portALT-PU-2023-4002-1-Fixed
firefoxp10118.0.2-alt0.p10.1118.0.2-alt0.p10.1ALT-PU-2024-4241-4342418Fixed
firefoxp11114.0.1-alt1126.0.1-alt1ALT-PU-2023-1974-1322807Fixed
firefox-esrsisyphus102.12.0-alt1115.11.0-alt1ALT-PU-2023-1956-1322571Fixed
firefox-esrp10102.12.0-alt1115.11.0-alt1ALT-PU-2023-2036-1322595Fixed
firefox-esrc10f1102.12.0-alt2115.9.1-alt0.c10.1ALT-PU-2023-5239-2328286Fixed
firefox-esrc9f2102.12.0-alt0.c9.1102.12.0-alt0.c9.1ALT-PU-2023-4367-3324724Fixed
firefox-esrp11102.12.0-alt1115.11.0-alt1ALT-PU-2023-1956-1322571Fixed
thunderbirdsisyphus102.12.0-alt1115.9.0-alt1ALT-PU-2023-1993-1322997Fixed
thunderbirdp10115.8.1-alt1115.9.0-alt1ALT-PU-2024-3860-2342581Fixed
thunderbirdc10f1115.8.1-alt0.c10.1115.9.0-alt0.c10.1ALT-PU-2024-4748-2343092Fixed
thunderbirdp11102.12.0-alt1115.9.0-alt1ALT-PU-2023-1993-1322997Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.mozilla.org/security/advisories/mfsa2023-21/
  • Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2023-20/
  • Vendor Advisory
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1752703%2C1818394%2C1826875%2C1827340%2C1827655%2C1828065%2C1830190%2C1830206%2C1830795%2C1833339
  • Broken Link
https://www.mozilla.org/security/advisories/mfsa2023-19/
  • Vendor Advisory
https://security.gentoo.org/glsa/202312-03
    https://security.gentoo.org/glsa/202401-10

        1. Configuration 1

          cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
          End excliding
          114.0
          cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
          End excliding
          102.12
          cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
          End excliding
          102.12
      VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
      Version: v24.5.3
      Back to top