Bug 2219751 (CVE-2023-37211) - CVE-2023-37211 Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13
Summary: CVE-2023-37211 Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR ...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2023-37211
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2217668 2217669 2217670 2217671 2217672 2217673 2217674 2217675 2217676 2217677 2217678 2217684 2217685 2217686 2217687 2217688 2217689 2217690 2217691 2217692 2217693 2217694
Blocks: 2217666
TreeView+ depends on / blocked
 
Reported: 2023-07-05 06:40 UTC by Dhananjay Arunesh
Modified: 2023-07-21 09:52 UTC (History)
8 users (show)

Fixed In Version: firefox 102.13, thunderbird 102.13
Doc Type: ---
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Clone Of:
Environment:
Last Closed: 2023-07-13 16:54:33 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:4062 0 None None None 2023-07-13 08:39:00 UTC
Red Hat Product Errata RHSA-2023:4063 0 None None None 2023-07-13 08:37:39 UTC
Red Hat Product Errata RHSA-2023:4064 0 None None None 2023-07-13 08:38:02 UTC
Red Hat Product Errata RHSA-2023:4065 0 None None None 2023-07-13 08:41:40 UTC
Red Hat Product Errata RHSA-2023:4066 0 None None None 2023-07-13 08:47:49 UTC
Red Hat Product Errata RHSA-2023:4067 0 None None None 2023-07-13 08:42:41 UTC
Red Hat Product Errata RHSA-2023:4068 0 None None None 2023-07-13 08:40:42 UTC
Red Hat Product Errata RHSA-2023:4069 0 None None None 2023-07-13 08:42:54 UTC
Red Hat Product Errata RHSA-2023:4070 0 None None None 2023-07-13 08:40:55 UTC
Red Hat Product Errata RHSA-2023:4071 0 None None None 2023-07-13 08:45:42 UTC
Red Hat Product Errata RHSA-2023:4072 0 None None None 2023-07-13 08:47:14 UTC
Red Hat Product Errata RHSA-2023:4073 0 None None None 2023-07-13 08:47:46 UTC
Red Hat Product Errata RHSA-2023:4074 0 None None None 2023-07-13 08:51:30 UTC
Red Hat Product Errata RHSA-2023:4075 0 None None None 2023-07-13 08:51:25 UTC
Red Hat Product Errata RHSA-2023:4076 0 None None None 2023-07-13 08:51:18 UTC
Red Hat Product Errata RHSA-2023:4079 0 None None None 2023-07-13 12:04:18 UTC

Description Dhananjay Arunesh 2023-07-05 06:40:59 UTC
Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37211

Comment 2 errata-xmlrpc 2023-07-13 08:37:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:4063 https://access.redhat.com/errata/RHSA-2023:4063

Comment 3 errata-xmlrpc 2023-07-13 08:38:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:4064 https://access.redhat.com/errata/RHSA-2023:4064

Comment 4 errata-xmlrpc 2023-07-13 08:38:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:4062 https://access.redhat.com/errata/RHSA-2023:4062

Comment 5 errata-xmlrpc 2023-07-13 08:40:41 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:4068 https://access.redhat.com/errata/RHSA-2023:4068

Comment 6 errata-xmlrpc 2023-07-13 08:40:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:4070 https://access.redhat.com/errata/RHSA-2023:4070

Comment 7 errata-xmlrpc 2023-07-13 08:41:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:4065 https://access.redhat.com/errata/RHSA-2023:4065

Comment 8 errata-xmlrpc 2023-07-13 08:42:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:4067 https://access.redhat.com/errata/RHSA-2023:4067

Comment 9 errata-xmlrpc 2023-07-13 08:42:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:4069 https://access.redhat.com/errata/RHSA-2023:4069

Comment 10 errata-xmlrpc 2023-07-13 08:45:41 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:4071 https://access.redhat.com/errata/RHSA-2023:4071

Comment 11 errata-xmlrpc 2023-07-13 08:47:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:4072 https://access.redhat.com/errata/RHSA-2023:4072

Comment 12 errata-xmlrpc 2023-07-13 08:47:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:4073 https://access.redhat.com/errata/RHSA-2023:4073

Comment 13 errata-xmlrpc 2023-07-13 08:47:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:4066 https://access.redhat.com/errata/RHSA-2023:4066

Comment 14 errata-xmlrpc 2023-07-13 08:51:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:4076 https://access.redhat.com/errata/RHSA-2023:4076

Comment 15 errata-xmlrpc 2023-07-13 08:51:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:4075 https://access.redhat.com/errata/RHSA-2023:4075

Comment 16 errata-xmlrpc 2023-07-13 08:51:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:4074 https://access.redhat.com/errata/RHSA-2023:4074

Comment 17 errata-xmlrpc 2023-07-13 12:04:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:4079 https://access.redhat.com/errata/RHSA-2023:4079

Comment 18 Product Security DevOps Team 2023-07-13 16:54:31 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-37211


Note You need to log in before you can comment on or make changes to this bug.