Bug 2170381 (CVE-2023-25739)

Summary: CVE-2023-25739 Mozilla: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
Product: [Other] Security Response Reporter: Dhananjay Arunesh <darunesh>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: erack, jhorak, nobody, stransky, tpopela
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: firefox 102.8, thunderbird 102.8 Doc Type: If docs needed, set a value
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in `ScriptLoadContext`.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2023-02-20 18:30:27 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2167578, 2167579, 2167580, 2167581, 2167582, 2167583, 2167584, 2167585, 2167586, 2167587, 2167588, 2167672, 2167673, 2167674, 2167675, 2167676, 2167677, 2167678, 2167679, 2167680, 2167681, 2167682    
Bug Blocks: 2167576    

Description Dhananjay Arunesh 2023-02-16 09:09:37 UTC 
Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in `ScriptLoadContext`.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25739
Comment 1 errata-xmlrpc 2023-02-20 08:16:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:0806 https://access.redhat.com/errata/RHSA-2023:0806
Comment 2 errata-xmlrpc 2023-02-20 08:18:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:0805 https://access.redhat.com/errata/RHSA-2023:0805
Comment 3 errata-xmlrpc 2023-02-20 08:23:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:0809 https://access.redhat.com/errata/RHSA-2023:0809
Comment 4 errata-xmlrpc 2023-02-20 08:25:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0810 https://access.redhat.com/errata/RHSA-2023:0810
Comment 5 errata-xmlrpc 2023-02-20 08:25:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:0807 https://access.redhat.com/errata/RHSA-2023:0807
Comment 6 errata-xmlrpc 2023-02-20 08:26:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:0811 https://access.redhat.com/errata/RHSA-2023:0811
Comment 7 errata-xmlrpc 2023-02-20 08:27:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0808 https://access.redhat.com/errata/RHSA-2023:0808
Comment 8 errata-xmlrpc 2023-02-20 08:27:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:0812 https://access.redhat.com/errata/RHSA-2023:0812
Comment 9 errata-xmlrpc 2023-02-20 12:12:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:0818 https://access.redhat.com/errata/RHSA-2023:0818
Comment 10 errata-xmlrpc 2023-02-20 12:12:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:0819 https://access.redhat.com/errata/RHSA-2023:0819
Comment 11 errata-xmlrpc 2023-02-20 12:16:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:0822 https://access.redhat.com/errata/RHSA-2023:0822
Comment 12 errata-xmlrpc 2023-02-20 12:16:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:0817 https://access.redhat.com/errata/RHSA-2023:0817
Comment 13 errata-xmlrpc 2023-02-20 12:17:18 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0824 https://access.redhat.com/errata/RHSA-2023:0824
Comment 14 errata-xmlrpc 2023-02-20 12:17:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:0820 https://access.redhat.com/errata/RHSA-2023:0820
Comment 15 errata-xmlrpc 2023-02-20 12:17:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0821 https://access.redhat.com/errata/RHSA-2023:0821
Comment 16 errata-xmlrpc 2023-02-20 12:18:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:0823 https://access.redhat.com/errata/RHSA-2023:0823
Comment 17 Product Security DevOps Team 2023-02-20 18:30:25 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-25739