Bug 2250899 (CVE-2023-6207) - CVE-2023-6207 Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer
Summary: CVE-2023-6207 Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer
Keywords:
Status: NEW
Alias: CVE-2023-6207
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2249647
TreeView+ depends on / blocked
 
Reported: 2023-11-21 17:42 UTC by Mauro Matteo Cascella
Modified: 2023-12-01 12:13 UTC (History)
0 users

Fixed In Version: firefox 115.5, thunderbird 115.5
Doc Type: ---
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: Ownership mismanagement led to a use-after-free in ReadableByteStreams
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:7499 0 None None None 2023-11-27 15:44:28 UTC
Red Hat Product Errata RHSA-2023:7500 0 None None None 2023-11-27 15:46:53 UTC
Red Hat Product Errata RHSA-2023:7501 0 None None None 2023-11-27 15:47:03 UTC
Red Hat Product Errata RHSA-2023:7502 0 None None None 2023-11-27 15:44:53 UTC
Red Hat Product Errata RHSA-2023:7503 0 None None None 2023-11-27 15:57:32 UTC
Red Hat Product Errata RHSA-2023:7504 0 None None None 2023-11-27 15:48:24 UTC
Red Hat Product Errata RHSA-2023:7505 0 None None None 2023-11-27 16:10:20 UTC
Red Hat Product Errata RHSA-2023:7506 0 None None None 2023-11-27 16:03:07 UTC
Red Hat Product Errata RHSA-2023:7507 0 None None None 2023-11-27 16:09:09 UTC
Red Hat Product Errata RHSA-2023:7508 0 None None None 2023-11-27 16:10:14 UTC
Red Hat Product Errata RHSA-2023:7509 0 None None None 2023-11-27 16:18:13 UTC
Red Hat Product Errata RHSA-2023:7510 0 None None None 2023-11-27 16:03:13 UTC
Red Hat Product Errata RHSA-2023:7511 0 None None None 2023-11-27 16:10:03 UTC
Red Hat Product Errata RHSA-2023:7512 0 None None None 2023-11-27 16:25:01 UTC
Red Hat Product Errata RHSA-2023:7547 0 None None None 2023-11-28 15:12:08 UTC
Red Hat Product Errata RHSA-2023:7569 0 None None None 2023-11-29 12:49:24 UTC
Red Hat Product Errata RHSA-2023:7570 0 None None None 2023-11-29 12:49:37 UTC
Red Hat Product Errata RHSA-2023:7573 0 None None None 2023-11-29 13:42:59 UTC
Red Hat Product Errata RHSA-2023:7574 0 None None None 2023-11-29 13:43:09 UTC
Red Hat Product Errata RHSA-2023:7577 0 None None None 2023-11-29 13:55:07 UTC

Description Mauro Matteo Cascella 2023-11-21 17:42:21 UTC 
Ownership mismanagement led to a use-after-free in ReadableByteStreams

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6207
Comment 27 errata-xmlrpc 2023-11-27 15:44:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2023:7499 https://access.redhat.com/errata/RHSA-2023:7499
Comment 28 errata-xmlrpc 2023-11-27 15:44:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:7502 https://access.redhat.com/errata/RHSA-2023:7502
Comment 29 errata-xmlrpc 2023-11-27 15:46:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:7500 https://access.redhat.com/errata/RHSA-2023:7500
Comment 30 errata-xmlrpc 2023-11-27 15:47:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:7501 https://access.redhat.com/errata/RHSA-2023:7501
Comment 31 errata-xmlrpc 2023-11-27 15:48:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2023:7504 https://access.redhat.com/errata/RHSA-2023:7504
Comment 32 errata-xmlrpc 2023-11-27 15:57:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:7503 https://access.redhat.com/errata/RHSA-2023:7503
Comment 33 errata-xmlrpc 2023-11-27 16:03:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:7506 https://access.redhat.com/errata/RHSA-2023:7506
Comment 34 errata-xmlrpc 2023-11-27 16:03:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:7510 https://access.redhat.com/errata/RHSA-2023:7510
Comment 35 errata-xmlrpc 2023-11-27 16:09:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:7507 https://access.redhat.com/errata/RHSA-2023:7507
Comment 36 errata-xmlrpc 2023-11-27 16:10:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2023:7511 https://access.redhat.com/errata/RHSA-2023:7511
Comment 37 errata-xmlrpc 2023-11-27 16:10:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:7508 https://access.redhat.com/errata/RHSA-2023:7508
Comment 38 errata-xmlrpc 2023-11-27 16:10:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:7505 https://access.redhat.com/errata/RHSA-2023:7505
Comment 39 errata-xmlrpc 2023-11-27 16:18:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:7509 https://access.redhat.com/errata/RHSA-2023:7509
Comment 40 errata-xmlrpc 2023-11-27 16:24:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:7512 https://access.redhat.com/errata/RHSA-2023:7512
Comment 41 errata-xmlrpc 2023-11-28 15:12:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:7547 https://access.redhat.com/errata/RHSA-2023:7547
Comment 42 errata-xmlrpc 2023-11-29 12:49:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:7569 https://access.redhat.com/errata/RHSA-2023:7569
Comment 43 errata-xmlrpc 2023-11-29 12:49:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:7570 https://access.redhat.com/errata/RHSA-2023:7570
Comment 44 errata-xmlrpc 2023-11-29 13:42:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:7573 https://access.redhat.com/errata/RHSA-2023:7573
Comment 45 errata-xmlrpc 2023-11-29 13:43:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:7574 https://access.redhat.com/errata/RHSA-2023:7574
Comment 46 errata-xmlrpc 2023-11-29 13:55:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2023:7577 https://access.redhat.com/errata/RHSA-2023:7577
Note You need to log in before you can comment on or make changes to this bug.