Bug 2222652 (CVE-2023-3600)
| Summary: | CVE-2023-3600 firefox: use-after-free in workers | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
| Component: | vulnerability | Assignee: | Nobody <nobody> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | abobrov, desktop-qa-list, elima, erack, jhorak, nobody, stransky, thoger, tpopela |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | firefox 115.0.2, thunderbird 115.0.1 | Doc Type: | If docs needed, set a value |
| Doc Text: |
The Mozilla Foundation Security Advisory describes this flaw as:
During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-07-20 09:31:08 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2222653, 2222654, 2222655, 2222656, 2222657, 2222658, 2222659, 2222660, 2222661, 2225313, 2225314, 2225315, 2225316, 2225317, 2225318, 2225319, 2225320, 2225321, 2225322, 2225323 | ||
| Bug Blocks: | 2222360, 2225084 | ||
|
Description
Dhananjay Arunesh
2023-07-13 11:33:57 UTC
From the upstream I get that the 102 is unaffected by this bug. Also changed code in the repository are not present in the 102. From the past experience upstream always fix affected supported versions. And 102 ESR should be supported until September 26. |