Bug 2228370 (CVE-2023-4056) - CVE-2023-4056 Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14
Summary: CVE-2023-4056 Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 1...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2023-4056
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2225291 2225292 2225293 2225294 2225295 2225296 2225297 2225298 2225299 2225300 2225303 2225304 2225305 2225306 2225307 2225308 2225309 2225310 2225311 2225312 2226760 2226761
Blocks: 2225289
TreeView+ depends on / blocked
 
Reported: 2023-08-02 07:53 UTC by Dhananjay Arunesh
Modified: 2023-08-10 07:49 UTC (History)
8 users (show)

Fixed In Version: firefox 102.14, firefox 115.1, thunderbird 102.14, thunderbird 115.1
Doc Type: ---
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Clone Of:
Environment:
Last Closed: 2023-08-07 13:39:31 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:4460 0 None None None 2023-08-03 12:36:12 UTC
Red Hat Product Errata RHSA-2023:4461 0 None None None 2023-08-03 12:56:27 UTC
Red Hat Product Errata RHSA-2023:4462 0 None None None 2023-08-03 12:56:47 UTC
Red Hat Product Errata RHSA-2023:4463 0 None None None 2023-08-03 12:58:17 UTC
Red Hat Product Errata RHSA-2023:4464 0 None None None 2023-08-03 12:58:01 UTC
Red Hat Product Errata RHSA-2023:4465 0 None None None 2023-08-03 12:59:06 UTC
Red Hat Product Errata RHSA-2023:4468 0 None None None 2023-08-03 13:51:25 UTC
Red Hat Product Errata RHSA-2023:4469 0 None None None 2023-08-03 13:45:07 UTC
Red Hat Product Errata RHSA-2023:4492 0 None None None 2023-08-07 08:10:31 UTC
Red Hat Product Errata RHSA-2023:4493 0 None None None 2023-08-07 08:25:09 UTC
Red Hat Product Errata RHSA-2023:4494 0 None None None 2023-08-07 08:23:29 UTC
Red Hat Product Errata RHSA-2023:4495 0 None None None 2023-08-07 08:37:32 UTC
Red Hat Product Errata RHSA-2023:4496 0 None None None 2023-08-07 08:37:59 UTC
Red Hat Product Errata RHSA-2023:4497 0 None None None 2023-08-07 08:40:11 UTC
Red Hat Product Errata RHSA-2023:4499 0 None None None 2023-08-07 08:39:40 UTC
Red Hat Product Errata RHSA-2023:4500 0 None None None 2023-08-07 08:45:20 UTC

Description Dhananjay Arunesh 2023-08-02 07:53:29 UTC 
Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4056
Comment 1 errata-xmlrpc 2023-08-03 12:36:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:4460 https://access.redhat.com/errata/RHSA-2023:4460
Comment 2 errata-xmlrpc 2023-08-03 12:56:26 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:4461 https://access.redhat.com/errata/RHSA-2023:4461
Comment 3 errata-xmlrpc 2023-08-03 12:56:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:4462 https://access.redhat.com/errata/RHSA-2023:4462
Comment 4 errata-xmlrpc 2023-08-03 12:57:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:4464 https://access.redhat.com/errata/RHSA-2023:4464
Comment 5 errata-xmlrpc 2023-08-03 12:58:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:4463 https://access.redhat.com/errata/RHSA-2023:4463
Comment 6 errata-xmlrpc 2023-08-03 12:59:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:4465 https://access.redhat.com/errata/RHSA-2023:4465
Comment 7 errata-xmlrpc 2023-08-03 13:45:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:4469 https://access.redhat.com/errata/RHSA-2023:4469
Comment 8 errata-xmlrpc 2023-08-03 13:51:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:4468 https://access.redhat.com/errata/RHSA-2023:4468
Comment 9 errata-xmlrpc 2023-08-07 08:10:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:4492 https://access.redhat.com/errata/RHSA-2023:4492
Comment 10 errata-xmlrpc 2023-08-07 08:23:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:4494 https://access.redhat.com/errata/RHSA-2023:4494
Comment 11 errata-xmlrpc 2023-08-07 08:25:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:4493 https://access.redhat.com/errata/RHSA-2023:4493
Comment 12 errata-xmlrpc 2023-08-07 08:37:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:4495 https://access.redhat.com/errata/RHSA-2023:4495
Comment 13 errata-xmlrpc 2023-08-07 08:37:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:4496 https://access.redhat.com/errata/RHSA-2023:4496
Comment 14 errata-xmlrpc 2023-08-07 08:39:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:4499 https://access.redhat.com/errata/RHSA-2023:4499
Comment 15 errata-xmlrpc 2023-08-07 08:40:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:4497 https://access.redhat.com/errata/RHSA-2023:4497
Comment 16 errata-xmlrpc 2023-08-07 08:45:18 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:4500 https://access.redhat.com/errata/RHSA-2023:4500
Comment 17 Product Security DevOps Team 2023-08-07 13:39:29 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-4056
Note You need to log in before you can comment on or make changes to this bug.