Bug 2255370 (CVE-2023-6864) - CVE-2023-6864 Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6
Summary: CVE-2023-6864 Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 1...
Keywords:
Status: NEW
Alias: CVE-2023-6864
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2254313
TreeView+ depends on / blocked
 
Reported: 2023-12-20 11:21 UTC by Mauro Matteo Cascella
Modified: 2024-01-02 08:57 UTC (History)
4 users (show)

Fixed In Version: firefox 115.6, thunderbird 115.6
Doc Type: ---
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:0001 0 None None None 2024-01-02 07:42:47 UTC
Red Hat Product Errata RHSA-2024:0002 0 None None None 2024-01-02 08:02:03 UTC
Red Hat Product Errata RHSA-2024:0003 0 None None None 2024-01-02 08:26:01 UTC
Red Hat Product Errata RHSA-2024:0004 0 None None None 2024-01-02 08:10:27 UTC
Red Hat Product Errata RHSA-2024:0005 0 None None None 2024-01-02 08:14:28 UTC
Red Hat Product Errata RHSA-2024:0011 0 None None None 2024-01-02 08:22:13 UTC
Red Hat Product Errata RHSA-2024:0012 0 None None None 2024-01-02 08:16:04 UTC
Red Hat Product Errata RHSA-2024:0019 0 None None None 2024-01-02 08:23:30 UTC
Red Hat Product Errata RHSA-2024:0021 0 None None None 2024-01-02 08:24:44 UTC
Red Hat Product Errata RHSA-2024:0022 0 None None None 2024-01-02 08:25:25 UTC
Red Hat Product Errata RHSA-2024:0023 0 None None None 2024-01-02 08:26:12 UTC
Red Hat Product Errata RHSA-2024:0024 0 None None None 2024-01-02 08:25:04 UTC
Red Hat Product Errata RHSA-2024:0025 0 None None None 2024-01-02 08:24:23 UTC
Red Hat Product Errata RHSA-2024:0026 0 None None None 2024-01-02 08:28:00 UTC
Red Hat Product Errata RHSA-2024:0027 0 None None None 2024-01-02 08:57:16 UTC
Red Hat Product Errata RHSA-2024:0028 0 None None None 2024-01-02 08:54:37 UTC
Red Hat Product Errata RHSA-2024:0029 0 None None None 2024-01-02 08:56:32 UTC
Red Hat Product Errata RHSA-2024:0030 0 None None None 2024-01-02 08:56:09 UTC

Description Mauro Matteo Cascella 2023-12-20 11:21:26 UTC 
Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6864
Comment 25 errata-xmlrpc 2024-01-02 07:42:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:0001 https://access.redhat.com/errata/RHSA-2024:0001
Comment 26 errata-xmlrpc 2024-01-02 08:02:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:0002 https://access.redhat.com/errata/RHSA-2024:0002
Comment 27 errata-xmlrpc 2024-01-02 08:10:26 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:0004 https://access.redhat.com/errata/RHSA-2024:0004
Comment 28 errata-xmlrpc 2024-01-02 08:14:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0005 https://access.redhat.com/errata/RHSA-2024:0005
Comment 29 errata-xmlrpc 2024-01-02 08:16:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:0012 https://access.redhat.com/errata/RHSA-2024:0012
Comment 30 errata-xmlrpc 2024-01-02 08:22:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:0011 https://access.redhat.com/errata/RHSA-2024:0011
Comment 31 errata-xmlrpc 2024-01-02 08:23:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:0019 https://access.redhat.com/errata/RHSA-2024:0019
Comment 32 errata-xmlrpc 2024-01-02 08:24:22 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:0025 https://access.redhat.com/errata/RHSA-2024:0025
Comment 33 errata-xmlrpc 2024-01-02 08:24:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:0021 https://access.redhat.com/errata/RHSA-2024:0021
Comment 34 errata-xmlrpc 2024-01-02 08:25:03 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0024 https://access.redhat.com/errata/RHSA-2024:0024
Comment 35 errata-xmlrpc 2024-01-02 08:25:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:0022 https://access.redhat.com/errata/RHSA-2024:0022
Comment 36 errata-xmlrpc 2024-01-02 08:26:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:0003 https://access.redhat.com/errata/RHSA-2024:0003
Comment 37 errata-xmlrpc 2024-01-02 08:26:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2024:0023 https://access.redhat.com/errata/RHSA-2024:0023
Comment 38 errata-xmlrpc 2024-01-02 08:27:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2024:0026 https://access.redhat.com/errata/RHSA-2024:0026
Comment 39 errata-xmlrpc 2024-01-02 08:54:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:0028 https://access.redhat.com/errata/RHSA-2024:0028
Comment 40 errata-xmlrpc 2024-01-02 08:56:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2024:0030 https://access.redhat.com/errata/RHSA-2024:0030
Comment 41 errata-xmlrpc 2024-01-02 08:56:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:0029 https://access.redhat.com/errata/RHSA-2024:0029
Comment 42 errata-xmlrpc 2024-01-02 08:57:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2024:0027 https://access.redhat.com/errata/RHSA-2024:0027
Note You need to log in before you can comment on or make changes to this bug.