Bug 2196753 (CVE-2023-32215) - CVE-2023-32215 Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11
Summary: CVE-2023-32215 Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox E...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2023-32215
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2192787 2192788 2192789 2192790 2192791 2192792 2192793 2192794 2192795 2192796 2192797 2192798 2192801 2192802 2192803 2192804 2192805 2192806 2192807 2192808 2192809 2192810 2192811 2192812
Blocks: 2192785
TreeView+ depends on / blocked
 
Reported: 2023-05-10 06:28 UTC by Dhananjay Arunesh
Modified: 2023-07-21 09:56 UTC (History)
7 users (show)

Fixed In Version: firefox 102.11, thunderbird 102.11
Doc Type: ---
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers and community members reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Clone Of:
Environment:
Last Closed: 2023-05-18 12:47:14 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:3137 0 None None None 2023-05-16 18:47:29 UTC
Red Hat Product Errata RHSA-2023:3138 0 None None None 2023-05-16 18:39:38 UTC
Red Hat Product Errata RHSA-2023:3139 0 None None None 2023-05-16 18:39:57 UTC
Red Hat Product Errata RHSA-2023:3140 0 None None None 2023-05-16 18:52:51 UTC
Red Hat Product Errata RHSA-2023:3141 0 None None None 2023-05-16 19:02:05 UTC
Red Hat Product Errata RHSA-2023:3142 0 None None None 2023-05-16 18:52:43 UTC
Red Hat Product Errata RHSA-2023:3143 0 None None None 2023-05-16 19:03:14 UTC
Red Hat Product Errata RHSA-2023:3149 0 None None None 2023-05-16 19:39:27 UTC
Red Hat Product Errata RHSA-2023:3150 0 None None None 2023-05-16 19:38:55 UTC
Red Hat Product Errata RHSA-2023:3151 0 None None None 2023-05-16 19:42:29 UTC
Red Hat Product Errata RHSA-2023:3152 0 None None None 2023-05-16 19:40:47 UTC
Red Hat Product Errata RHSA-2023:3153 0 None None None 2023-05-16 19:41:01 UTC
Red Hat Product Errata RHSA-2023:3154 0 None None None 2023-05-16 19:41:51 UTC
Red Hat Product Errata RHSA-2023:3155 0 None None None 2023-05-16 19:43:09 UTC
Red Hat Product Errata RHSA-2023:3220 0 None None None 2023-05-18 06:36:29 UTC
Red Hat Product Errata RHSA-2023:3221 0 None None None 2023-05-18 06:36:19 UTC

Description Dhananjay Arunesh 2023-05-10 06:28:32 UTC
Mozilla developers and community members reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32215

Comment 1 errata-xmlrpc 2023-05-16 18:39:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:3138 https://access.redhat.com/errata/RHSA-2023:3138

Comment 2 errata-xmlrpc 2023-05-16 18:39:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:3139 https://access.redhat.com/errata/RHSA-2023:3139

Comment 3 errata-xmlrpc 2023-05-16 18:47:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:3137 https://access.redhat.com/errata/RHSA-2023:3137

Comment 4 errata-xmlrpc 2023-05-16 18:52:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:3142 https://access.redhat.com/errata/RHSA-2023:3142

Comment 5 errata-xmlrpc 2023-05-16 18:52:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:3140 https://access.redhat.com/errata/RHSA-2023:3140

Comment 6 errata-xmlrpc 2023-05-16 19:02:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:3141 https://access.redhat.com/errata/RHSA-2023:3141

Comment 7 errata-xmlrpc 2023-05-16 19:03:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:3143 https://access.redhat.com/errata/RHSA-2023:3143

Comment 8 errata-xmlrpc 2023-05-16 19:38:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:3150 https://access.redhat.com/errata/RHSA-2023:3150

Comment 9 errata-xmlrpc 2023-05-16 19:39:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:3149 https://access.redhat.com/errata/RHSA-2023:3149

Comment 10 errata-xmlrpc 2023-05-16 19:40:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:3152 https://access.redhat.com/errata/RHSA-2023:3152

Comment 11 errata-xmlrpc 2023-05-16 19:40:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:3153 https://access.redhat.com/errata/RHSA-2023:3153

Comment 12 errata-xmlrpc 2023-05-16 19:41:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:3154 https://access.redhat.com/errata/RHSA-2023:3154

Comment 13 errata-xmlrpc 2023-05-16 19:42:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:3151 https://access.redhat.com/errata/RHSA-2023:3151

Comment 14 errata-xmlrpc 2023-05-16 19:43:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:3155 https://access.redhat.com/errata/RHSA-2023:3155

Comment 17 errata-xmlrpc 2023-05-18 06:36:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:3221 https://access.redhat.com/errata/RHSA-2023:3221

Comment 18 errata-xmlrpc 2023-05-18 06:36:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:3220 https://access.redhat.com/errata/RHSA-2023:3220

Comment 19 Product Security DevOps Team 2023-05-18 12:47:11 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-32215


Note You need to log in before you can comment on or make changes to this bug.