PT-2023-3679 · Mozilla+8 · Firefox Esr+10

Andrew Mccreight

·

Published

2023-07-11

·

Updated

2025-03-14

·

CVE-2023-3600

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 115.0.2 Firefox ESR versions prior to 115.0.2 Thunderbird versions prior to 115.0.1
Description A use-after-free condition could occur during the worker lifecycle, potentially leading to a crash. This issue is related to the use of memory after it has been freed, which could allow a remote attacker to execute arbitrary code.
Recommendations For Firefox versions prior to 115.0.2, update to version 115.0.2 or later. For Firefox ESR versions prior to 115.0.2, update to version 115.0.2 or later. For Thunderbird versions prior to 115.0.1, update to version 115.0.1 or later.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2023:5434
ALSA-2023:5435
ALT-PU-2023-4641
ALT-PU-2023-5754
ALT-PU-2023-5836
ALT-PU-2023-6436
ALT-PU-2024-14035
ALT-PU-2024-3614
ALT-PU-2024-3860
ALT-PU-2024-4241
ALT-PU-2024-4748
BDU:2023-03964
CESA-2023_5428
CESA-2023_5433
CVE-2023-3600
MGASA-2023-0266
OESA-2025-1265
OESA-2025-1268
OPENSUSE-SU-2023_2958-1
OPENSUSE-SU-2023_3059-1
OPENSUSE-SU-2024:13048-1
OPENSUSE-SU-2024:14572-1
RHSA-2023:5426
RHSA-2023:5427
RHSA-2023:5428
RHSA-2023:5429
RHSA-2023:5430
RHSA-2023:5432
RHSA-2023:5433
RHSA-2023:5434
RHSA-2023:5435
RHSA-2023:5436
RHSA-2023:5437
RHSA-2023:5438
RHSA-2023:5439
RHSA-2023:5440
RHSA-2023:5475
RHSA-2023:5477
RHSA-2023_5428
RHSA-2023_5433
RHSA-2023_5434
RHSA-2023_5435
RHSA-2023_5475
RHSA-2023_5477
RLSA-2023:5428
RLSA-2023:5435
SUSE-SU-2023:2958-1
SUSE-SU-2023:2959-1
SUSE-SU-2023:2960-1
SUSE-SU-2023:3059-1
SUSE-SU-2023_2958-1
SUSE-SU-2023_2959-1
SUSE-SU-2023_2960-1
USN-6218-1
USN-6405-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Suse
Thunderbird
Ubuntu