PT-2023-2799 · Mozilla+10 · Firefox ESR+11
Gabriele Svelto · Published 2022-07-27 · Updated 2025-01-09
CVE-2023-1945
CVSS v2.0: 7.5 High
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Thunderbird versions prior to 102.10
Firefox ESR versions prior to 102.10
Description
The issue is in the Safe Browsing API, where unexpected data could lead to memory corruption and a potentially exploitable crash. A remote attacker could use a specially crafted website to corrupt memory and execute arbitrary code on the target system. The vulnerability is associated with a buffer overflow.
Recommendations
For Thunderbird versions prior to 102.10, update to version 102.10 or later.
For Firefox ESR versions prior to 102.10, update to version 102.10 or later.
As a temporary workaround, consider restricting access to the Safe Browsing API until a patch is available.
Fix
Memory Corruption
Information Disclosure
NULL Pointer Dereference
UI Misrepresentation of Critical Information
Buffer Overflow
Affected Products
ALT Linux
AlmaLinux
Astra Linux
CentOS
Firefox ESR
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Thunderbird
Ubuntu