2178460 – (CVE-2023-25752) CVE-2023-25752 Mozilla: Potential out-of-bounds when accessing throttled streams

Bug 2178460 (CVE-2023-25752) - CVE-2023-25752 Mozilla: Potential out-of-bounds when accessing throttled streams

Summary: CVE-2023-25752 Mozilla: Potential out-of-bounds when accessing throttled streams

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2023-25752
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2176588 2176589 2176590 2176592 2176593 2176594 2176595 2176596 2176597 2176598 2176599 2176600 2176601 2176604 2176605 2176606 2176607 2176608 2176609 2176610 2176611 2176612 2176613 2176614 2176615 2176616
Blocks:	2176586
TreeView+	depends on / blocked

Reported:	2023-03-15 04:30 UTC by msiddiqu
Modified:	2023-03-27 19:16 UTC (History)
CC List:	5 users (show)
Fixed In Version:	firefox 102.9, thunderbird 102.9
Doc Type:	---
Doc Text:	A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that when accessing throttled streams, the count of available bytes needs to be checked in the calling function to be within bounds. This may have led future code to be incorrect and vulnerable.
Clone Of:
Environment:
Last Closed:	2023-03-27 19:16:49 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2023:1333	None	None	None	2023-03-20 09:29:55 UTC
Red Hat Product Errata	RHSA-2023:1336	None	None	None	2023-03-20 09:36:25 UTC
Red Hat Product Errata	RHSA-2023:1337	None	None	None	2023-03-20 09:34:37 UTC
Red Hat Product Errata	RHSA-2023:1364	None	None	None	2023-03-21 08:16:46 UTC
Red Hat Product Errata	RHSA-2023:1367	None	None	None	2023-03-21 09:43:02 UTC
Red Hat Product Errata	RHSA-2023:1401	None	None	None	2023-03-22 10:05:09 UTC
Red Hat Product Errata	RHSA-2023:1402	None	None	None	2023-03-22 10:23:28 UTC
Red Hat Product Errata	RHSA-2023:1403	None	None	None	2023-03-22 10:33:03 UTC
Red Hat Product Errata	RHSA-2023:1404	None	None	None	2023-03-22 10:34:44 UTC
Red Hat Product Errata	RHSA-2023:1407	None	None	None	2023-03-22 10:34:21 UTC
Red Hat Product Errata	RHSA-2023:1442	None	None	None	2023-03-23 11:07:26 UTC
Red Hat Product Errata	RHSA-2023:1443	None	None	None	2023-03-23 11:16:26 UTC
Red Hat Product Errata	RHSA-2023:1444	None	None	None	2023-03-23 11:27:24 UTC
Red Hat Product Errata	RHSA-2023:1445	None	None	None	2023-03-23 11:16:37 UTC
Red Hat Product Errata	RHSA-2023:1472	None	None	None	2023-03-27 08:16:06 UTC
Red Hat Product Errata	RHSA-2023:1479	None	None	None	2023-03-27 15:11:51 UTC

Description msiddiqu 2023-03-15 04:30:30 UTC

When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/#CVE-2023-25752

Comment 9 errata-xmlrpc 2023-03-20 09:29:53 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:1333 https://access.redhat.com/errata/RHSA-2023:1333

Comment 10 errata-xmlrpc 2023-03-20 09:34:36 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:1337 https://access.redhat.com/errata/RHSA-2023:1337

Comment 11 errata-xmlrpc 2023-03-20 09:36:24 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:1336 https://access.redhat.com/errata/RHSA-2023:1336

Comment 12 errata-xmlrpc 2023-03-21 08:16:45 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:1364 https://access.redhat.com/errata/RHSA-2023:1364

Comment 13 errata-xmlrpc 2023-03-21 09:43:01 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:1367 https://access.redhat.com/errata/RHSA-2023:1367

Comment 14 errata-xmlrpc 2023-03-22 10:05:08 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:1401 https://access.redhat.com/errata/RHSA-2023:1401

Comment 15 errata-xmlrpc 2023-03-22 10:23:26 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:1402 https://access.redhat.com/errata/RHSA-2023:1402

Comment 16 errata-xmlrpc 2023-03-22 10:33:02 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:1403 https://access.redhat.com/errata/RHSA-2023:1403

Comment 17 errata-xmlrpc 2023-03-22 10:34:20 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:1407 https://access.redhat.com/errata/RHSA-2023:1407

Comment 18 errata-xmlrpc 2023-03-22 10:34:43 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:1404 https://access.redhat.com/errata/RHSA-2023:1404

Comment 19 errata-xmlrpc 2023-03-23 11:07:24 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:1442 https://access.redhat.com/errata/RHSA-2023:1442

Comment 20 errata-xmlrpc 2023-03-23 11:16:25 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:1443 https://access.redhat.com/errata/RHSA-2023:1443

Comment 21 errata-xmlrpc 2023-03-23 11:16:35 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:1445 https://access.redhat.com/errata/RHSA-2023:1445

Comment 22 errata-xmlrpc 2023-03-23 11:27:22 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:1444 https://access.redhat.com/errata/RHSA-2023:1444

Comment 23 errata-xmlrpc 2023-03-27 08:16:04 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:1472 https://access.redhat.com/errata/RHSA-2023:1472

Comment 24 errata-xmlrpc 2023-03-27 15:11:49 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:1479 https://access.redhat.com/errata/RHSA-2023:1479

Comment 25 Product Security DevOps Team 2023-03-27 19:16:46 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-25752

Note You need to log in before you can comment on or make changes to this bug.