Bug 2196753 (CVE-2023-32215)

Summary:	CVE-2023-32215 Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11
Product:	[Other] Security Response	Reporter:	Dhananjay Arunesh <darunesh>
Component:	vulnerability	Assignee:	Red Hat Product Security <security-response-team>
Status:	CLOSED ERRATA	QA Contact:
Severity:	high	Docs Contact:
Priority:	high
Version:	unspecified	CC:	abobrov, elima, erack, jhorak, nobody, stransky, tpopela
Target Milestone:	---	Keywords:	Security
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:	firefox 102.11, thunderbird 102.11	Doc Type:	---
Doc Text:	The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers and community members reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.	Story Points:	---
Clone Of:		Environment:
Last Closed:	2023-05-18 12:47:14 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:	2192787, 2192788, 2192789, 2192790, 2192791, 2192792, 2192793, 2192794, 2192795, 2192796, 2192797, 2192798, 2192801, 2192802, 2192803, 2192804, 2192805, 2192806, 2192807, 2192808, 2192809, 2192810, 2192811, 2192812
Bug Blocks:	2192785

Description Dhananjay Arunesh 2023-05-10 06:28:32 UTC

Mozilla developers and community members reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32215

Comment 1 errata-xmlrpc 2023-05-16 18:39:37 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:3138 https://access.redhat.com/errata/RHSA-2023:3138

Comment 2 errata-xmlrpc 2023-05-16 18:39:56 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:3139 https://access.redhat.com/errata/RHSA-2023:3139

Comment 3 errata-xmlrpc 2023-05-16 18:47:28 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:3137 https://access.redhat.com/errata/RHSA-2023:3137

Comment 4 errata-xmlrpc 2023-05-16 18:52:42 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:3142 https://access.redhat.com/errata/RHSA-2023:3142

Comment 5 errata-xmlrpc 2023-05-16 18:52:50 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:3140 https://access.redhat.com/errata/RHSA-2023:3140

Comment 6 errata-xmlrpc 2023-05-16 19:02:04 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:3141 https://access.redhat.com/errata/RHSA-2023:3141

Comment 7 errata-xmlrpc 2023-05-16 19:03:13 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:3143 https://access.redhat.com/errata/RHSA-2023:3143

Comment 8 errata-xmlrpc 2023-05-16 19:38:54 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:3150 https://access.redhat.com/errata/RHSA-2023:3150

Comment 9 errata-xmlrpc 2023-05-16 19:39:26 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:3149 https://access.redhat.com/errata/RHSA-2023:3149

Comment 10 errata-xmlrpc 2023-05-16 19:40:46 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:3152 https://access.redhat.com/errata/RHSA-2023:3152

Comment 11 errata-xmlrpc 2023-05-16 19:40:59 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:3153 https://access.redhat.com/errata/RHSA-2023:3153

Comment 12 errata-xmlrpc 2023-05-16 19:41:50 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:3154 https://access.redhat.com/errata/RHSA-2023:3154

Comment 13 errata-xmlrpc 2023-05-16 19:42:27 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:3151 https://access.redhat.com/errata/RHSA-2023:3151

Comment 14 errata-xmlrpc 2023-05-16 19:43:08 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:3155 https://access.redhat.com/errata/RHSA-2023:3155

Comment 17 errata-xmlrpc 2023-05-18 06:36:17 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:3221 https://access.redhat.com/errata/RHSA-2023:3221

Comment 18 errata-xmlrpc 2023-05-18 06:36:27 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:3220 https://access.redhat.com/errata/RHSA-2023:3220

Comment 19 Product Security DevOps Team 2023-05-18 12:47:11 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-32215