PT-2023-4027 · Mozilla+10 · Firefox+11

Nika Layzell

·

Published

2023-08-01

·

Updated

2024-12-12

·

CVE-2023-4049

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 116 Firefox ESR versions prior to 102.14 Firefox ESR versions prior to 115.1
Description The issue is related to the use of memory after it has been freed, which could allow a remote attacker to execute arbitrary code. This is due to race conditions found in reference counting code. The vulnerability affects Firefox and Firefox ESR browsers.
Recommendations For Firefox versions prior to 116, update to version 116 or later. For Firefox ESR versions prior to 102.14, update to version 102.14 or later. For Firefox ESR versions prior to 115.1, update to version 115.1 or later.

Exploit

Fix

Race Condition

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-416

Related Identifiers

ALSA-2023:4462
ALSA-2023:4468
ALSA-2023:4497
ALSA-2023:4499
ALT-PU-2023-5754
ALT-PU-2023-5836
ALT-PU-2023-6436
ALT-PU-2024-13898
ALT-PU-2024-14035
ALT-PU-2024-3614
ALT-PU-2024-3860
ALT-PU-2024-4241
ALT-PU-2024-4748
BDU:2023-04325
CESA-2023_4468
CESA-2023_4497
CVE-2023-4049
DLA-3521-1
DLA-3523-1
DSA-5464-1
DSA-5469-1
MGASA-2023-0266
OESA-2023-1671
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2023_3162-1
OPENSUSE-SU-2023_3228-1
OPENSUSE-SU-2024:13091-1
OPENSUSE-SU-2024:13124-1
OPENSUSE-SU-2024:13133-1
OPENSUSE-SU-2024:14572-1
RHSA-2023:4460
RHSA-2023:4461
RHSA-2023:4462
RHSA-2023:4463
RHSA-2023:4464
RHSA-2023:4465
RHSA-2023:4468
RHSA-2023:4469
RHSA-2023:4492
RHSA-2023:4493
RHSA-2023:4494
RHSA-2023:4495
RHSA-2023:4496
RHSA-2023:4497
RHSA-2023:4499
RHSA-2023:4500
RHSA-2023_4461
RHSA-2023_4462
RHSA-2023_4468
RHSA-2023_4495
RHSA-2023_4497
RHSA-2023_4499
RLSA-2023:4462
RLSA-2023:4468
RLSA-2023:4497
RLSA-2023:4499
ROSA-SA-2023-2232
ROSA-SA-2023-2233
SUSE-SU-2023:3161-1
SUSE-SU-2023:3162-1
SUSE-SU-2023:3163-1
SUSE-SU-2023:3228-1
SUSE-SU-2023_3161-1
SUSE-SU-2023_3162-1
SUSE-SU-2023_3163-1
USN-6267-1
USN-6267-2
USN-6267-3
USN-6333-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu