CVE-2023-4056

Name of the Vulnerable Software and Affected Versions Firefox versions 115 through 115 Firefox ESR versions 102.13 through 102.13 Firefox ESR versions 115.0 through 115.0 Thunderbird versions 102.13 through 102.13 Thunderbird versions 115.0 through 115.0 Firefox versions prior to 116 Firefox ESR versions prior to 102.14 Firefox ESR versions prior to 115.1

Description The issue is related to memory safety bugs that could potentially be exploited to run arbitrary code, with evidence of memory corruption found in some cases. The vulnerability may allow a remote attacker to impact the integrity of protected information by exploiting errors in state management due to an excessive number of cookies in document.cookie. Additionally, the vulnerability in the Mozilla Thunderbird email client is related to a boundary error when processing HTML content, which could allow an attacker to trick a victim into opening a specially crafted web page, causing memory damage and potentially executing arbitrary code.

Recommendations For Firefox version 115, update to version 116 or later. For Firefox ESR version 115.0, update to version 115.1 or later. For Firefox ESR version 102.13, update to version 102.14 or later. For Thunderbird version 115.0, update to a version that includes the fix for the boundary error in HTML content processing. For Thunderbird version 102.13, update to a version that includes the fix for the boundary error in HTML content processing. As a temporary workaround, consider restricting the use of document.cookie to minimize the risk of exploitation until a patch is available.