Bug 2162344 (CVE-2023-23605)

Summary: CVE-2023-23605 Mozilla: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7
Product: [Other] Security Response Reporter: Dhananjay Arunesh <darunesh>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: erack, jhorak, nobody, stransky, tpopela
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: firefox 102.7, thunderbird 102.7 Doc Type: ---
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-01-29 07:52:09 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2158855, 2158856, 2158857, 2158858, 2158859, 2158860, 2158861, 2158862, 2158863, 2158864, 2158865, 2158866, 2158867, 2158868, 2158872, 2158873, 2158874, 2158875, 2158876, 2158877, 2158878, 2158879, 2158880, 2158881, 2158883    
Bug Blocks: 2158844    

Description Dhananjay Arunesh 2023-01-19 11:36:01 UTC
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23605

Comment 1 errata-xmlrpc 2023-01-23 09:18:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0285 https://access.redhat.com/errata/RHSA-2023:0285

Comment 2 errata-xmlrpc 2023-01-23 09:18:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:0286 https://access.redhat.com/errata/RHSA-2023:0286

Comment 3 errata-xmlrpc 2023-01-23 09:19:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0288 https://access.redhat.com/errata/RHSA-2023:0288

Comment 4 errata-xmlrpc 2023-01-23 09:20:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:0290 https://access.redhat.com/errata/RHSA-2023:0290

Comment 5 errata-xmlrpc 2023-01-23 09:20:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:0289 https://access.redhat.com/errata/RHSA-2023:0289

Comment 6 errata-xmlrpc 2023-01-23 09:21:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:0294 https://access.redhat.com/errata/RHSA-2023:0294

Comment 7 errata-xmlrpc 2023-01-23 09:22:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:0295 https://access.redhat.com/errata/RHSA-2023:0295

Comment 8 errata-xmlrpc 2023-01-23 09:22:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:0296 https://access.redhat.com/errata/RHSA-2023:0296

Comment 9 errata-xmlrpc 2023-01-25 15:15:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:0457 https://access.redhat.com/errata/RHSA-2023:0457

Comment 10 errata-xmlrpc 2023-01-25 15:17:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:0459 https://access.redhat.com/errata/RHSA-2023:0459

Comment 11 errata-xmlrpc 2023-01-25 15:24:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:0461 https://access.redhat.com/errata/RHSA-2023:0461

Comment 12 errata-xmlrpc 2023-01-25 15:25:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:0460 https://access.redhat.com/errata/RHSA-2023:0460

Comment 13 errata-xmlrpc 2023-01-25 15:25:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:0456 https://access.redhat.com/errata/RHSA-2023:0456

Comment 14 errata-xmlrpc 2023-01-25 15:28:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:0462 https://access.redhat.com/errata/RHSA-2023:0462

Comment 15 errata-xmlrpc 2023-01-25 15:29:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0463 https://access.redhat.com/errata/RHSA-2023:0463

Comment 16 errata-xmlrpc 2023-01-26 17:15:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0476 https://access.redhat.com/errata/RHSA-2023:0476

Comment 17 Product Security DevOps Team 2023-01-29 07:52:07 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-23605