PT-2023-8001 · Mozilla+9 · Firefox+11

Irvan Kurniawan

·

Published

2023-12-19

·

Updated

2025-03-21

·

CVE-2023-6858

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 121 Firefox ESR versions prior to 115.6 Thunderbird versions prior to 115.6
Description The issue is related to a heap buffer overflow in the nsTextFragment function due to insufficient OOM handling. This can allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations For Firefox versions prior to 121, update to version 121 or later. For Firefox ESR versions prior to 115.6, update to version 115.6 or later. For Thunderbird versions prior to 115.6, update to version 115.6 or later.

Exploit

Fix

Heap Based Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-122CWE-787

Related Identifiers

ALSA-2024:0001
ALSA-2024:0003
ALSA-2024:0012
ALSA-2024:0025
ALT-PU-2023-8216
ALT-PU-2023-8227
ALT-PU-2023-8231
ALT-PU-2023-8368
ALT-PU-2023-8406
ALT-PU-2024-13898
ALT-PU-2024-15839
ALT-PU-2024-3614
ALT-PU-2024-3860
ALT-PU-2024-4278
ALT-PU-2024-4748
BDU:2023-09115
CESA-2024_0003
CESA-2024_0012
CESA-2024_0026
CESA-2024_0027
CVE-2023-6858
DLA-3697-1
DLA-3698-1
DSA-5581-1
DSA-5582-1
MGASA-2024-0006
MGASA-2024-0012
OESA-2025-1322
OESA-2025-1323
OPENSUSE-SU-2023_4928-1
OPENSUSE-SU-2024:13519-1
OPENSUSE-SU-2024:13531-1
OPENSUSE-SU-2024:14572-1
OPENSUSE-SU-2024_0044-1
RHSA-2024:0001
RHSA-2024:0002
RHSA-2024:0003
RHSA-2024:0004
RHSA-2024:0005
RHSA-2024:0011
RHSA-2024:0012
RHSA-2024:0019
RHSA-2024:0021
RHSA-2024:0022
RHSA-2024:0023
RHSA-2024:0024
RHSA-2024:0025
RHSA-2024:0026
RHSA-2024:0027
RHSA-2024:0028
RHSA-2024:0029
RHSA-2024:0030
RHSA-2024_0001
RHSA-2024_0003
RHSA-2024_0012
RHSA-2024_0025
RHSA-2024_0026
RHSA-2024_0027
RLSA-2024:0003
RLSA-2024:0012
SUSE-SU-2023:4912-1
SUSE-SU-2023:4928-1
SUSE-SU-2023:4929-1
SUSE-SU-2024:0044-1
USN-6562-1
USN-6562-2
USN-6563-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Red Os
Suse
Thunderbird
Ubuntu