PT-2023-8004 · Mozilla+9 · Firefox+11

Ronald Crane

Publicado

2023-12-19

Atualizado

2025-03-14

CVE-2023-6863

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Firefox ESR versions prior to 115.6 Thunderbird versions prior to 115.6 Firefox versions prior to 121

Description The ShutdownObserver() function was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This issue may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For Firefox ESR versions prior to 115.6, update to version 115.6 or later. For Thunderbird versions prior to 115.6, update to version 115.6 or later. For Firefox versions prior to 121, update to version 121 or later. As a temporary workaround, consider disabling the ShutdownObserver() function until a patch is available.

Exploit

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-758

Identificadores relacionados

ALSA-2024:0001

ALSA-2024:0003

ALSA-2024:0012

ALSA-2024:0025

ALT-PU-2023-8216

ALT-PU-2023-8227

ALT-PU-2023-8231

ALT-PU-2023-8368

ALT-PU-2023-8406

ALT-PU-2024-13898

ALT-PU-2024-15839

ALT-PU-2024-3614

ALT-PU-2024-3860

ALT-PU-2024-4278

ALT-PU-2024-4748

BDU:2023-09055

BDU:2023-09118

CESA-2024_0003

CESA-2024_0012

CESA-2024_0026

CESA-2024_0027

CVE-2023-6863

DLA-3697-1

DSA-5581-1

MGASA-2024-0006

MGASA-2024-0012

OESA-2025-1265

OESA-2025-1268

OPENSUSE-SU-2023_4928-1

OPENSUSE-SU-2024:13519-1

OPENSUSE-SU-2024:13531-1

OPENSUSE-SU-2024:14572-1

OPENSUSE-SU-2024_0044-1

RHSA-2024:0001

RHSA-2024:0002

RHSA-2024:0003

RHSA-2024:0004

RHSA-2024:0005

RHSA-2024:0011

RHSA-2024:0012

RHSA-2024:0019

RHSA-2024:0021

RHSA-2024:0022

RHSA-2024:0023

RHSA-2024:0024

RHSA-2024:0025

RHSA-2024:0026

RHSA-2024:0027

RHSA-2024:0028

RHSA-2024:0029

RHSA-2024:0030

RHSA-2024_0001

RHSA-2024_0003

RHSA-2024_0012

RHSA-2024_0025

RHSA-2024_0026

RHSA-2024_0027

RLSA-2024:0003

RLSA-2024:0012

SUSE-SU-2023:4912-1

SUSE-SU-2023:4928-1

SUSE-SU-2023:4929-1

SUSE-SU-2024:0044-1

USN-6562-1

USN-6562-2

USN-6563-1

Produtos afetados

Alt Linux

Almalinux

Astra Linux

Centos

Firefox

Firefox Esr

Linuxmint

Red Hat

Red Os

Suse

Thunderbird

Ubuntu

PT-2023-8004 · Mozilla+9 · Firefox+11

CVE-2023-6863

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2210