2170391 – (CVE-2023-25744) CVE-2023-25744 Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8

Bug 2170391 (CVE-2023-25744) - CVE-2023-25744 Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8

Summary: CVE-2023-25744 Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox E...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2023-25744
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2167578 2167579 2167580 2167581 2167582 2167583 2167584 2167585 2167586 2167587 2167588 2167672 2167673 2167674 2167675 2167676 2167677 2167678 2167679 2167680 2167681 2167682
Blocks:	2167576
TreeView+	depends on / blocked

Reported:	2023-02-16 09:10 UTC by Dhananjay Arunesh
Modified:	2023-06-09 13:52 UTC (History)
CC List:	5 users (show)
Fixed In Version:	firefox 102.8, thunderbird 102.8
Doc Type:	If docs needed, set a value
Doc Text:	The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Kershaw Chang and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Clone Of:
Environment:
Last Closed:	2023-02-20 18:35:27 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2023:0805	None	None	None	2023-02-20 08:18:44 UTC
Red Hat Product Errata	RHSA-2023:0806	None	None	None	2023-02-20 08:16:42 UTC
Red Hat Product Errata	RHSA-2023:0807	None	None	None	2023-02-20 08:25:48 UTC
Red Hat Product Errata	RHSA-2023:0808	None	None	None	2023-02-20 08:27:20 UTC
Red Hat Product Errata	RHSA-2023:0809	None	None	None	2023-02-20 08:23:35 UTC
Red Hat Product Errata	RHSA-2023:0810	None	None	None	2023-02-20 08:25:12 UTC
Red Hat Product Errata	RHSA-2023:0811	None	None	None	2023-02-20 08:26:34 UTC
Red Hat Product Errata	RHSA-2023:0812	None	None	None	2023-02-20 08:27:55 UTC
Red Hat Product Errata	RHSA-2023:0817	None	None	None	2023-02-20 12:17:06 UTC
Red Hat Product Errata	RHSA-2023:0818	None	None	None	2023-02-20 12:12:16 UTC
Red Hat Product Errata	RHSA-2023:0819	None	None	None	2023-02-20 12:12:50 UTC
Red Hat Product Errata	RHSA-2023:0820	None	None	None	2023-02-20 12:17:44 UTC
Red Hat Product Errata	RHSA-2023:0821	None	None	None	2023-02-20 12:18:02 UTC
Red Hat Product Errata	RHSA-2023:0822	None	None	None	2023-02-20 12:16:46 UTC
Red Hat Product Errata	RHSA-2023:0823	None	None	None	2023-02-20 12:18:23 UTC
Red Hat Product Errata	RHSA-2023:0824	None	None	None	2023-02-20 12:17:24 UTC

Description Dhananjay Arunesh 2023-02-16 09:10:45 UTC

Mozilla developers Kershaw Chang and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25744

Comment 1 errata-xmlrpc 2023-02-20 08:16:41 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:0806 https://access.redhat.com/errata/RHSA-2023:0806

Comment 2 errata-xmlrpc 2023-02-20 08:18:42 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:0805 https://access.redhat.com/errata/RHSA-2023:0805

Comment 3 errata-xmlrpc 2023-02-20 08:23:34 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:0809 https://access.redhat.com/errata/RHSA-2023:0809

Comment 4 errata-xmlrpc 2023-02-20 08:25:11 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0810 https://access.redhat.com/errata/RHSA-2023:0810

Comment 5 errata-xmlrpc 2023-02-20 08:25:47 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:0807 https://access.redhat.com/errata/RHSA-2023:0807

Comment 6 errata-xmlrpc 2023-02-20 08:26:33 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:0811 https://access.redhat.com/errata/RHSA-2023:0811

Comment 7 errata-xmlrpc 2023-02-20 08:27:19 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0808 https://access.redhat.com/errata/RHSA-2023:0808

Comment 8 errata-xmlrpc 2023-02-20 08:27:53 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:0812 https://access.redhat.com/errata/RHSA-2023:0812

Comment 9 errata-xmlrpc 2023-02-20 12:12:14 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:0818 https://access.redhat.com/errata/RHSA-2023:0818

Comment 10 errata-xmlrpc 2023-02-20 12:12:48 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:0819 https://access.redhat.com/errata/RHSA-2023:0819

Comment 11 errata-xmlrpc 2023-02-20 12:16:44 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:0822 https://access.redhat.com/errata/RHSA-2023:0822

Comment 12 errata-xmlrpc 2023-02-20 12:17:04 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:0817 https://access.redhat.com/errata/RHSA-2023:0817

Comment 13 errata-xmlrpc 2023-02-20 12:17:23 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0824 https://access.redhat.com/errata/RHSA-2023:0824

Comment 14 errata-xmlrpc 2023-02-20 12:17:43 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:0820 https://access.redhat.com/errata/RHSA-2023:0820

Comment 15 errata-xmlrpc 2023-02-20 12:18:01 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0821 https://access.redhat.com/errata/RHSA-2023:0821

Comment 16 errata-xmlrpc 2023-02-20 12:18:20 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:0823 https://access.redhat.com/errata/RHSA-2023:0823

Comment 17 Product Security DevOps Team 2023-02-20 18:35:24 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-25744

Note You need to log in before you can comment on or make changes to this bug.