PT-2023-1699 · Mozilla+10 · Firefox Esr+12

Christian Holler

·

Published

2023-02-14

·

Updated

2024-12-12

·

CVE-2023-0767

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 110 Thunderbird versions prior to 102.8 Firefox ESR versions prior to 102.8
Description The issue is related to the mishandling of PKCS 12 Safe Bag attributes, which could allow for arbitrary memory writes. This is due to improper bounds checking within a memory buffer. An attacker could exploit this issue to enable remote arbitrary memory writes.
Recommendations For Firefox versions prior to 110, update to version 110 or later. For Thunderbird versions prior to 102.8, update to version 102.8 or later. For Firefox ESR versions prior to 102.8, update to version 102.8 or later.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALSA-2023:0808
ALSA-2023:0810
ALSA-2023:0821
ALSA-2023:0824
ALSA-2023:1252
ALSA-2023:1368
ALT-PU-2023-1374
ALT-PU-2023-1386
ALT-PU-2023-1387
ALT-PU-2023-1411
ALT-PU-2023-1414
ALT-PU-2023-1435
ALT-PU-2023-1446
ALT-PU-2023-1478
ALT-PU-2023-1758
ALT-PU-2023-1765
ALT-PU-2023-4365
ALT-PU-2023-4366
ALT-PU-2023-5754
ALT-PU-2024-3614
BDU:2023-01270
CESA-2023_1252
CESA-2023_1332
CVE-2023-0767
DLA-3319-1
DLA-3324-1
DLA-3327-1
DSA-5350-1
DSA-5353-1
DSA-5355-1
MGASA-2023-0056
MGASA-2023-0057
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2023_0434-1
OPENSUSE-SU-2023_0461-1
OPENSUSE-SU-2024:12702-1
OPENSUSE-SU-2024:12713-1
OPENSUSE-SU-2024:12753-1
OPENSUSE-SU-2024:14572-1
RHSA-2023:1252
RHSA-2023:1332
RHSA-2023:1365
RHSA-2023:1366
RHSA-2023:1368
RHSA-2023:1369
RHSA-2023:1370
RHSA-2023:1406
RHSA-2023:1436
RHSA-2023:1442
RHSA-2023:1443
RHSA-2023:1444
RHSA-2023:1445
RHSA-2023:1472
RHSA-2023:1479
RHSA-2023:1677
RHSA-2023_1252
RHSA-2023_1332
RHSA-2023_1366
RHSA-2023_1368
RLSA-2023:0808
RLSA-2023:0810
RLSA-2023:0821
RLSA-2023:0824
RLSA-2023:1252
RLSA-2023:1368
SUSE-SU-2023:0434-1
SUSE-SU-2023:0443-1
SUSE-SU-2023:0461-1
SUSE-SU-2023:0466-1
SUSE-SU-2023:0468-1
SUSE-SU-2023:0469-1
SUSE-SU-2023:0599-1
SUSE-SU-2023_0434-1
SUSE-SU-2023_0443-1
SUSE-SU-2023_0461-1
SUSE-SU-2023_0466-1
SUSE-SU-2023_0468-1
SUSE-SU-2023_0469-1
USN-5880-1
USN-5880-2
USN-5892-1
USN-5892-2
USN-5943-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Thunderbird
Ubuntu