2186111 – (CVE-2023-29550) CVE-2023-29550 Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10

Bug 2186111 (CVE-2023-29550) - CVE-2023-29550 Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10

Summary: CVE-2023-29550 Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox E...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2023-29550
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2183235 2183236 2183237 2183238 2183239 2183240 2183241 2183242 2183243 2183244 2183245 2183246 2183249 2183252 2183253 2183254 2183255 2183256 2183257 2183258 2183260 2183261 2183262 2183263 2183264 2183265
Blocks:	2183233
TreeView+	depends on / blocked

Reported:	2023-04-12 06:24 UTC by Dhananjay Arunesh
Modified:	2023-06-09 13:50 UTC (History)
CC List:	5 users (show)
Fixed In Version:	firefox 102.10, thunderbird 102.10
Doc Type:	---
Doc Text:	The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Clone Of:
Environment:
Last Closed:	2023-04-17 21:06:54 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2023:1785	None	None	None	2023-04-14 13:28:50 UTC
Red Hat Product Errata	RHSA-2023:1786	None	None	None	2023-04-14 13:37:39 UTC
Red Hat Product Errata	RHSA-2023:1787	None	None	None	2023-04-14 13:40:46 UTC
Red Hat Product Errata	RHSA-2023:1788	None	None	None	2023-04-14 13:41:29 UTC
Red Hat Product Errata	RHSA-2023:1789	None	None	None	2023-04-14 13:39:26 UTC
Red Hat Product Errata	RHSA-2023:1790	None	None	None	2023-04-14 13:43:40 UTC
Red Hat Product Errata	RHSA-2023:1791	None	None	None	2023-04-14 13:43:20 UTC
Red Hat Product Errata	RHSA-2023:1792	None	None	None	2023-04-14 13:42:37 UTC
Red Hat Product Errata	RHSA-2023:1802	None	None	None	2023-04-17 13:58:29 UTC
Red Hat Product Errata	RHSA-2023:1803	None	None	None	2023-04-17 13:53:00 UTC
Red Hat Product Errata	RHSA-2023:1804	None	None	None	2023-04-17 13:57:49 UTC
Red Hat Product Errata	RHSA-2023:1805	None	None	None	2023-04-17 13:57:16 UTC
Red Hat Product Errata	RHSA-2023:1806	None	None	None	2023-04-17 14:07:32 UTC
Red Hat Product Errata	RHSA-2023:1809	None	None	None	2023-04-17 14:06:55 UTC
Red Hat Product Errata	RHSA-2023:1810	None	None	None	2023-04-17 14:07:16 UTC
Red Hat Product Errata	RHSA-2023:1811	None	None	None	2023-04-17 14:11:36 UTC

Description Dhananjay Arunesh 2023-04-12 06:24:39 UTC

Mozilla developers Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29550

Comment 1 errata-xmlrpc 2023-04-14 13:28:49 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:1785 https://access.redhat.com/errata/RHSA-2023:1785

Comment 2 errata-xmlrpc 2023-04-14 13:37:38 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:1786 https://access.redhat.com/errata/RHSA-2023:1786

Comment 3 errata-xmlrpc 2023-04-14 13:39:25 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:1789 https://access.redhat.com/errata/RHSA-2023:1789

Comment 4 errata-xmlrpc 2023-04-14 13:40:45 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:1787 https://access.redhat.com/errata/RHSA-2023:1787

Comment 5 errata-xmlrpc 2023-04-14 13:41:27 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:1788 https://access.redhat.com/errata/RHSA-2023:1788

Comment 6 errata-xmlrpc 2023-04-14 13:42:35 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:1792 https://access.redhat.com/errata/RHSA-2023:1792

Comment 7 errata-xmlrpc 2023-04-14 13:43:18 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:1791 https://access.redhat.com/errata/RHSA-2023:1791

Comment 8 errata-xmlrpc 2023-04-14 13:43:39 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:1790 https://access.redhat.com/errata/RHSA-2023:1790

Comment 9 errata-xmlrpc 2023-04-17 13:52:59 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:1803 https://access.redhat.com/errata/RHSA-2023:1803

Comment 10 errata-xmlrpc 2023-04-17 13:57:15 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:1805 https://access.redhat.com/errata/RHSA-2023:1805

Comment 11 errata-xmlrpc 2023-04-17 13:57:48 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:1804 https://access.redhat.com/errata/RHSA-2023:1804

Comment 12 errata-xmlrpc 2023-04-17 13:58:27 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:1802 https://access.redhat.com/errata/RHSA-2023:1802

Comment 13 errata-xmlrpc 2023-04-17 14:06:54 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:1809 https://access.redhat.com/errata/RHSA-2023:1809

Comment 14 errata-xmlrpc 2023-04-17 14:07:15 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:1810 https://access.redhat.com/errata/RHSA-2023:1810

Comment 15 errata-xmlrpc 2023-04-17 14:07:31 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:1806 https://access.redhat.com/errata/RHSA-2023:1806

Comment 16 errata-xmlrpc 2023-04-17 14:11:35 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:1811 https://access.redhat.com/errata/RHSA-2023:1811

Comment 17 Product Security DevOps Team 2023-04-17 21:06:52 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-29550

Note You need to log in before you can comment on or make changes to this bug.