Bug 2222652 (CVE-2023-3600)
| Summary: | CVE-2023-3600 firefox: use-after-free in workers | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
| Component: | vulnerability | Assignee: | Nobody <nobody> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | abobrov, desktop-qa-list, elima, erack, jhorak, nobody, stransky, thoger, tpopela |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | firefox 115.0.2, thunderbird 115.0.1 | Doc Type: | If docs needed, set a value |
| Doc Text: |
The Mozilla Foundation Security Advisory describes this flaw as:
During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-07-20 09:31:08 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2222653, 2222654, 2222655, 2222656, 2222657, 2222658, 2222659, 2222660, 2222661, 2225313, 2225314, 2225315, 2225316, 2225317, 2225318, 2225319, 2225320, 2225321, 2225322, 2225323 | ||
| Bug Blocks: | 2222360, 2225084 | ||
|
Description
Dhananjay Arunesh
2023-07-13 11:33:57 UTC
From the upstream I get that the 102 is unaffected by this bug. Also changed code in the repository are not present in the 102. From the past experience upstream always fix affected supported versions. And 102 ESR should be supported until September 26. Dhananjay can you also please close all the tracker bugs that you've created for this? In reply to comment #10: > Dhananjay can you also please close all the tracker bugs that you've created > for this? closed all trackers with resolution NOTABUG. (In reply to Dhananjay Arunesh from comment #11) > In reply to comment #10: > > Dhananjay can you also please close all the tracker bugs that you've created > > for this? > > closed all trackers with resolution NOTABUG. Bug 2225319 was missed, but I will close that one. Thanks! This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:5427 https://access.redhat.com/errata/RHSA-2023:5427 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:5426 https://access.redhat.com/errata/RHSA-2023:5426 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:5428 https://access.redhat.com/errata/RHSA-2023:5428 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:5429 https://access.redhat.com/errata/RHSA-2023:5429 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:5430 https://access.redhat.com/errata/RHSA-2023:5430 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:5432 https://access.redhat.com/errata/RHSA-2023:5432 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:5434 https://access.redhat.com/errata/RHSA-2023:5434 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:5436 https://access.redhat.com/errata/RHSA-2023:5436 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:5435 https://access.redhat.com/errata/RHSA-2023:5435 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:5433 https://access.redhat.com/errata/RHSA-2023:5433 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:5439 https://access.redhat.com/errata/RHSA-2023:5439 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:5437 https://access.redhat.com/errata/RHSA-2023:5437 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:5440 https://access.redhat.com/errata/RHSA-2023:5440 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:5438 https://access.redhat.com/errata/RHSA-2023:5438 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2023:5475 https://access.redhat.com/errata/RHSA-2023:5475 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2023:5477 https://access.redhat.com/errata/RHSA-2023:5477 |