Vulnerability CVE-2023-4056: Information

Description

Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-4056
Published: Aug. 1, 2023
Modified: Aug. 11, 2023
Error type identifier: CWE-787

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
firefoxsisyphus_riscv64116.0-alt0.1.rv64126.0-alt0.portALT-PU-2023-4858-1-Fixed
firefoxp10118.0.2-alt0.p10.1118.0.2-alt0.p10.1ALT-PU-2024-4241-4342418Fixed
firefox-esrsisyphus115.2.1-alt1115.11.0-alt1ALT-PU-2023-5754-2329883Fixed
firefox-esrp10115.3.1-alt4115.11.0-alt1ALT-PU-2023-6436-2330014Fixed
firefox-esrc10f1115.8.0-alt0.c10.1115.9.1-alt0.c10.1ALT-PU-2024-3614-2340631Fixed
firefox-esrp11115.2.1-alt1115.11.0-alt1ALT-PU-2023-5754-2329883Fixed
thunderbirdsisyphus115.2.2-alt1115.9.0-alt1ALT-PU-2023-5836-3328494Fixed
thunderbirdp10115.8.1-alt1115.9.0-alt1ALT-PU-2024-3860-2342581Fixed
thunderbirdc10f1115.8.1-alt0.c10.1115.9.0-alt0.c10.1ALT-PU-2024-4748-2343092Fixed
thunderbirdp11115.2.2-alt1115.9.0-alt1ALT-PU-2023-5836-3328494Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1820587%2C1824634%2C1839235%2C1842325%2C1843847
  • Broken Link
  • Issue Tracking
https://www.mozilla.org/security/advisories/mfsa2023-30/
  • Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2023-31/
  • Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2023-29/
  • Vendor Advisory
https://www.debian.org/security/2023/dsa-5464
  • Mailing List
  • Third Party Advisory
https://www.debian.org/security/2023/dsa-5469
  • Mailing List
  • Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html
  • Mailing List
  • Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html
  • Mailing List
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
      End excliding
      116.0
      cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
      Start including
      115.0
      End excliding
      115.1
      cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
      Start including
      102.0
      End excliding
      102.14

      Configuration 2

      cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
      cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
      cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top