CVE-2023-25746

Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.8 and Firefox ESR < 102.8.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:50

Type Values Removed Values Added
References () https://bugzilla.mozilla.org/buglist.cgi?bug_id=1544127%2C1762368 - Broken Link, Issue Tracking, Vendor Advisory () https://bugzilla.mozilla.org/buglist.cgi?bug_id=1544127%2C1762368 - Broken Link, Issue Tracking, Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2023-06/ - Vendor Advisory () https://www.mozilla.org/security/advisories/mfsa2023-06/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2023-07/ - Vendor Advisory () https://www.mozilla.org/security/advisories/mfsa2023-07/ - Vendor Advisory

07 Nov 2023, 04:09

Type Values Removed Values Added
Summary Mozilla developers Philipp and Gabriele Svelto reported memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.8 and Firefox ESR < 102.8. Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.8 and Firefox ESR < 102.8.

08 Jun 2023, 17:11

Type Values Removed Values Added
CWE CWE-787
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CPE cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
References (MISC) https://bugzilla.mozilla.org/buglist.cgi?bug_id=1544127%2C1762368 - (MISC) https://bugzilla.mozilla.org/buglist.cgi?bug_id=1544127%2C1762368 - Broken Link, Issue Tracking, Vendor Advisory
References (MISC) https://www.mozilla.org/security/advisories/mfsa2023-06/ - (MISC) https://www.mozilla.org/security/advisories/mfsa2023-06/ - Vendor Advisory
References (MISC) https://www.mozilla.org/security/advisories/mfsa2023-07/ - (MISC) https://www.mozilla.org/security/advisories/mfsa2023-07/ - Vendor Advisory
First Time Mozilla
Mozilla thunderbird
Mozilla firefox Esr

02 Jun 2023, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-02 17:15

Updated : 2024-11-21 07:50


NVD link : CVE-2023-25746

Mitre link : CVE-2023-25746

CVE.ORG link : CVE-2023-25746


JSON object : View

Products Affected

mozilla

  • thunderbird
  • firefox_esr
CWE
CWE-787

Out-of-bounds Write