Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-37202HistoryJul 05, 2023 - 9:15 a.m.
CVE-2023-37202
2023-07-0509:15:09
Debian Security Bug Tracker
security-tracker.debian.org
15
cve-2023-37202
cross-compartment wrappers
scripted proxy
use-after-free
firefox
thunderbird
unix
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.003
Percentile
66.2%
Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 999 | all | firefox | < 115.0-1 | firefox_115.0-1_all.deb |
| Debian | 12 | all | firefox-esr | < 102.13.0esr-1~deb12u1 | firefox-esr_102.13.0esr-1~deb12u1_all.deb |
| Debian | 11 | all | firefox-esr | < 102.13.0esr-1~deb11u1 | firefox-esr_102.13.0esr-1~deb11u1_all.deb |
| Debian | 999 | all | firefox-esr | < 102.13.0esr-1 | firefox-esr_102.13.0esr-1_all.deb |
| Debian | 13 | all | firefox-esr | < 102.13.0esr-1 | firefox-esr_102.13.0esr-1_all.deb |
| Debian | 12 | all | thunderbird | < 1:102.13.0-1~deb12u1 | thunderbird_1:102.13.0-1~deb12u1_all.deb |
| Debian | 11 | all | thunderbird | < 1:102.13.0-1~deb11u1 | thunderbird_1:102.13.0-1~deb11u1_all.deb |
| Debian | 999 | all | thunderbird | < 1:102.13.0-1 | thunderbird_1:102.13.0-1_all.deb |
| Debian | 13 | all | thunderbird | < 1:102.13.0-1 | thunderbird_1:102.13.0-1_all.deb |
Related
cve
cve
CVE-2023-37202
2023-07-05 09:15:09
redhatcve
redhatcve
CVE-2023-37202
2023-07-05 06:47:26
veracode
veracode
Use After Free
2023-08-06 21:51:00
prion
prion
Design/Logic Flaw
2023-07-05 09:15:00
ubuntucve
ubuntucve
CVE-2023-37202
2023-07-05 00:00:00
cvelist
cvelist
CVE-2023-37202
2023-07-05 08:52:01
alpinelinux
alpinelinux
CVE-2023-37202
2023-07-05 09:15:09
nvd
nvd
CVE-2023-37202
2023-07-05 09:15:09
ubuntu
ubuntu
SpiderMonkey vulnerabilities
2023-07-13 00:00:00
Thunderbird vulnerabilities
2023-07-11 00:00:00
Firefox vulnerabilities
2023-07-05 00:00:00
osv
osv
mozjs102 vulnerabilities
2023-07-13 12:21:26
firefox-esr - security update
2023-07-07 00:00:00
Important: thunderbird security update
2023-07-13 00:00:00
nessus
nessus
Ubuntu 22.04 LTS / 23.04 : SpiderMonkey vulnerabilities (USN-6227-1)
2023-07-13 00:00:00
Oracle Linux 7 : firefox (ELSA-2023-4079)
2023-07-21 00:00:00
RHEL 8 : thunderbird (RHSA-2023:4065)
2023-07-13 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6227-1)
2023-07-14 00:00:00
Debian: Security Advisory (DSA-5451-1)
2023-07-11 00:00:00
debian
debian
[SECURITY] [DSA 5450-1] firefox-esr security update
2023-07-07 17:43:57
[SECURITY] [DSA 5451-1] thunderbird security update
2023-07-09 18:30:19
[SECURITY] [DLA 3490-1] thunderbird security update
2023-07-11 07:27:23
oraclelinux
oraclelinux
thunderbird security update
2023-07-21 00:00:00
firefox security update
2023-07-17 00:00:00
firefox security update
2023-07-17 00:00:00
redhat
redhat
(RHSA-2023:4068) Important: thunderbird security update
2023-07-13 07:34:19
(RHSA-2023:4073) Important: firefox security update
2023-07-13 07:35:42
(RHSA-2023:4065) Important: thunderbird security update
2023-07-13 07:33:07
kaspersky
kaspersky
KLA50559 Multiple vulnerabilities in Mozilla Thunderbird
2023-07-04 00:00:00
KLA50558 Multiple vulnerabilities in Mozilla Firefox ESR
2023-07-04 00:00:00
KLA50557 Multiple vulnerabilities in Mozilla Firefox
2023-07-04 00:00:00
almalinux
almalinux
Important: firefox security update
2023-07-13 00:00:00
Important: thunderbird security update
2023-07-13 00:00:00
Important: firefox security update
2023-07-13 00:00:00
rocky
rocky
firefox security update
2023-07-19 17:53:48
firefox security update
2023-08-31 16:54:34
thunderbird security update
2023-08-31 16:54:34
mageia
mageia
Updated firefox/nss packages fix security vulnerability
2023-07-19 22:53:31
slackware
slackware
[slackware-security] mozilla-firefox
2023-07-04 20:26:36
[slackware-security] mozilla-thunderbird
2023-07-07 23:09:17
amazon
amazon
Important: thunderbird
2023-07-20 17:28:00
mozilla
mozilla
Security Vulnerabilities fixed in Thunderbird 102.13 — Mozilla
2023-07-04 00:00:00
Security Vulnerabilities fixed in Firefox ESR 102.13 — Mozilla
2023-07-04 00:00:00
Security Vulnerabilities fixed in Firefox 115 — Mozilla
2023-07-04 00:00:00
redos
redos
ROS-20230908-07
2023-09-08 00:00:00
ROS-20230919-04
2023-09-19 00:00:00
gentoo
gentoo
Mozilla Thunderbird: Multiple Vulnerabilities
2024-02-19 00:00:00
ibm
ibm
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.003
Percentile
66.2%
Related for DEBIANCVE:CVE-2023-37202