PT-2023-1950 · Mozilla+10 · Firefox+12

Andrew Mccreight

+1

·

Published

2023-03-14

·

Updated

2025-01-08

·

CVE-2023-28176

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 111 Firefox ESR versions prior to 102.9 Thunderbird versions prior to 102.9
Description The issue is related to memory safety bugs, potentially allowing for memory corruption, which could be exploited to run arbitrary code with sufficient effort. It is also described as a buffer overflow vulnerability when handling HTML content, which could enable a remote attacker to execute arbitrary code.
Recommendations For Firefox versions prior to 111, update to version 111 or later. For Firefox ESR versions prior to 102.9, update to version 102.9 or later. For Thunderbird versions prior to 102.9, update to version 102.9 or later.

Exploit

Fix

Memory Corruption

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-119CWE-120

Related Identifiers

ALSA-2023:1336
ALSA-2023:1337
ALSA-2023:1403
ALSA-2023:1407
ALT-PU-2023-1443
ALT-PU-2023-1491
ALT-PU-2023-1492
ALT-PU-2023-1545
ALT-PU-2023-1546
ALT-PU-2023-1758
ALT-PU-2023-1765
ALT-PU-2023-1817
ALT-PU-2023-4365
ALT-PU-2023-4366
ALT-PU-2023-5202
ALT-PU-2023-5754
ALT-PU-2024-3614
BDU:2023-01559
BDU:2023-01560
CESA-2023_1333
CESA-2023_1336
CESA-2023_1403
CVE-2023-28176
DLA-3364-1
DLA-3365-1
DSA-5374-1
DSA-5375-1
MGASA-2023-0111
MGASA-2023-0116
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2024:12786-1
OPENSUSE-SU-2024:12791-1
OPENSUSE-SU-2024:12839-1
OPENSUSE-SU-2024:14572-1
RHSA-2023:1333
RHSA-2023:1336
RHSA-2023:1337
RHSA-2023:1364
RHSA-2023:1367
RHSA-2023:1401
RHSA-2023:1402
RHSA-2023:1403
RHSA-2023:1404
RHSA-2023:1407
RHSA-2023:1442
RHSA-2023:1443
RHSA-2023:1444
RHSA-2023:1445
RHSA-2023:1472
RHSA-2023:1479
RHSA-2023_1333
RHSA-2023_1336
RHSA-2023_1337
RHSA-2023_1401
RHSA-2023_1403
RHSA-2023_1407
RLSA-2023:1336
RLSA-2023:1337
RLSA-2023:1403
RLSA-2023:1407
SUSE-SU-2023:0728-1
SUSE-SU-2023:0763-1
SUSE-SU-2023:0835-1
SUSE-SU-2023:1736-1
USN-5954-1
USN-5954-2
USN-5972-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Thunderbird
Ubuntu