Bug 2240896 (CVE-2023-5176)

Summary: CVE-2023-5176 Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3
Product: [Other] Security Response Reporter: Dhananjay Arunesh <darunesh>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: firefox 115.3 Doc Type: ---
Doc Text:
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs are present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2237247    

Description Dhananjay Arunesh 2023-09-27 06:51:18 UTC 
Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-42/#CVE-2023-5176
Comment 26 errata-xmlrpc 2023-10-04 11:03:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:5427 https://access.redhat.com/errata/RHSA-2023:5427
Comment 27 errata-xmlrpc 2023-10-04 11:09:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:5426 https://access.redhat.com/errata/RHSA-2023:5426
Comment 28 errata-xmlrpc 2023-10-04 11:26:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:5428 https://access.redhat.com/errata/RHSA-2023:5428
Comment 29 errata-xmlrpc 2023-10-04 11:29:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:5429 https://access.redhat.com/errata/RHSA-2023:5429
Comment 30 errata-xmlrpc 2023-10-04 11:38:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:5430 https://access.redhat.com/errata/RHSA-2023:5430
Comment 31 errata-xmlrpc 2023-10-04 11:44:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:5432 https://access.redhat.com/errata/RHSA-2023:5432
Comment 32 errata-xmlrpc 2023-10-04 11:46:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:5434 https://access.redhat.com/errata/RHSA-2023:5434
Comment 33 errata-xmlrpc 2023-10-04 11:48:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:5436 https://access.redhat.com/errata/RHSA-2023:5436
Comment 34 errata-xmlrpc 2023-10-04 11:49:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:5435 https://access.redhat.com/errata/RHSA-2023:5435
Comment 35 errata-xmlrpc 2023-10-04 11:49:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:5433 https://access.redhat.com/errata/RHSA-2023:5433
Comment 36 errata-xmlrpc 2023-10-04 11:53:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:5439 https://access.redhat.com/errata/RHSA-2023:5439
Comment 37 errata-xmlrpc 2023-10-04 11:55:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:5437 https://access.redhat.com/errata/RHSA-2023:5437
Comment 38 errata-xmlrpc 2023-10-04 11:59:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:5440 https://access.redhat.com/errata/RHSA-2023:5440
Comment 39 errata-xmlrpc 2023-10-04 11:59:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:5438 https://access.redhat.com/errata/RHSA-2023:5438
Comment 40 errata-xmlrpc 2023-10-05 14:51:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:5475 https://access.redhat.com/errata/RHSA-2023:5475
Comment 41 errata-xmlrpc 2023-10-05 14:51:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:5477 https://access.redhat.com/errata/RHSA-2023:5477