PT-2023-7089 · Mozilla+9 · Firefox+11

M.Cooolie

+1

·

Published

2023-11-20

·

Updated

2025-03-14

·

CVE-2023-6205

CVSS v2.0

7.6

High

VectorAV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 120 Firefox ESR versions prior to 115.5.0 Thunderbird versions prior to 115.5
Description The issue is related to the use of a MessagePort after it has been freed, potentially leading to an exploitable crash. This could allow a remote attacker to cause a denial of service or other impact. The estimated number of potentially affected devices worldwide is not specified.
Recommendations For Firefox versions prior to 120, update to version 120 or later. For Firefox ESR versions prior to 115.5.0, update to version 115.5.0 or later. For Thunderbird versions prior to 115.5, update to version 115.5 or later.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2023:7500
ALSA-2023:7501
ALSA-2023:7507
ALSA-2023:7508
ALT-PU-2023-7473
ALT-PU-2023-7760
ALT-PU-2023-7774
ALT-PU-2023-8216
ALT-PU-2023-8227
ALT-PU-2023-8368
ALT-PU-2024-13898
ALT-PU-2024-15839
ALT-PU-2024-3614
ALT-PU-2024-3860
ALT-PU-2024-4748
BDU:2023-08116
CESA-2023_7500
CESA-2023_7508
CVE-2023-6205
DLA-3661-1
DLA-3674-1
DSA-5561-1
DSA-5566-1
MGASA-2023-0342
MGASA-2023-0343
OESA-2025-1265
OESA-2025-1268
OPENSUSE-SU-2023_4588-1
OPENSUSE-SU-2023_4928-1
OPENSUSE-SU-2024:13459-1
OPENSUSE-SU-2024:13468-1
OPENSUSE-SU-2024:14572-1
RHSA-2023:7499
RHSA-2023:7500
RHSA-2023:7501
RHSA-2023:7502
RHSA-2023:7503
RHSA-2023:7504
RHSA-2023:7505
RHSA-2023:7506
RHSA-2023:7507
RHSA-2023:7508
RHSA-2023:7509
RHSA-2023:7510
RHSA-2023:7511
RHSA-2023:7512
RHSA-2023:7547
RHSA-2023:7569
RHSA-2023:7570
RHSA-2023:7573
RHSA-2023:7574
RHSA-2023:7577
RHSA-2023_7500
RHSA-2023_7501
RHSA-2023_7505
RHSA-2023_7507
RHSA-2023_7508
RHSA-2023_7509
RLSA-2023:7500
SUSE-SU-2023:4588-1
SUSE-SU-2023:4912-1
SUSE-SU-2023:4928-1
SUSE-SU-2023:4929-1
USN-6509-1
USN-6509-2
USN-6515-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Red Os
Suse
Thunderbird
Ubuntu