PT-2023-8004 · Mozilla+9 · Firefox+11

Ronald Crane

Published

2023-12-19

Updated

2025-03-14

CVE-2023-6863

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Firefox ESR versions prior to 115.6 Thunderbird versions prior to 115.6 Firefox versions prior to 121

Description The ShutdownObserver() function was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This issue may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For Firefox ESR versions prior to 115.6, update to version 115.6 or later. For Thunderbird versions prior to 115.6, update to version 115.6 or later. For Firefox versions prior to 121, update to version 121 or later. As a temporary workaround, consider disabling the ShutdownObserver() function until a patch is available.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-758

Related Identifiers

ALSA-2024:0001

ALSA-2024:0003

ALSA-2024:0012

ALSA-2024:0025

ALT-PU-2023-8216

ALT-PU-2023-8227

ALT-PU-2023-8231

ALT-PU-2023-8368

ALT-PU-2023-8406

ALT-PU-2024-13898

ALT-PU-2024-15839

ALT-PU-2024-3614

ALT-PU-2024-3860

ALT-PU-2024-4278

ALT-PU-2024-4748

BDU:2023-09055

BDU:2023-09118

CESA-2024_0003

CESA-2024_0012

CESA-2024_0026

CESA-2024_0027

CVE-2023-6863

DLA-3697-1

DSA-5581-1

MGASA-2024-0006

MGASA-2024-0012

OESA-2025-1265

OESA-2025-1268

OPENSUSE-SU-2023_4928-1

OPENSUSE-SU-2024:13519-1

OPENSUSE-SU-2024:13531-1

OPENSUSE-SU-2024:14572-1

OPENSUSE-SU-2024_0044-1

RHSA-2024:0001

RHSA-2024:0002

RHSA-2024:0003

RHSA-2024:0004

RHSA-2024:0005

RHSA-2024:0011

RHSA-2024:0012

RHSA-2024:0019

RHSA-2024:0021

RHSA-2024:0022

RHSA-2024:0023

RHSA-2024:0024

RHSA-2024:0025

RHSA-2024:0026

RHSA-2024:0027

RHSA-2024:0028

RHSA-2024:0029

RHSA-2024:0030

RHSA-2024_0001

RHSA-2024_0003

RHSA-2024_0012

RHSA-2024_0025

RHSA-2024_0026

RHSA-2024_0027

RLSA-2024:0003

RLSA-2024:0012

SUSE-SU-2023:4912-1

SUSE-SU-2023:4928-1

SUSE-SU-2023:4929-1

SUSE-SU-2024:0044-1

USN-6562-1

USN-6562-2

USN-6563-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Firefox

Firefox Esr

Linuxmint

Red Hat

Red Os

Suse

Thunderbird

Ubuntu

PT-2023-8004 · Mozilla+9 · Firefox+11

CVE-2023-6863

Weakness Enumeration

Related Identifiers

Affected Products

References · 2210