Lucene search
Mozilla FoundationMFSA2023-40HistorySep 12, 2023 - 12:00 a.m.
Security Vulnerability fixed in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2 — Mozilla
2023-09-1200:00:00
Mozilla Foundation
www.mozilla.org
69
firefox
thunderbird
security
vulnerability
webp
heap buffer overflow
content process
exploited
cve-2023-5129
mozilla
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.609 Medium
EPSS
Percentile
97.8%
Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild. Note: This advisory was previously also tracked as CVE-2023-5129.
Affected configurations
Node
mozillafirefoxRange<117.0.1
ORmozillafirefox_esrRange<102.15.1
ORmozillafirefox_esrRange<115.2.1
ORmozillathunderbirdRange<102.15.1
ORmozillathunderbirdRange<115.2.2
| CPE | Name | Operator | Version |
|---|---|---|---|
| firefox | lt | 117.0.1 | |
| firefox esr | lt | 102.15.1 | |
| firefox esr | lt | 115.2.1 | |
| thunderbird | lt | 102.15.1 | |
| thunderbird | lt | 115.2.2 |
Related
kaspersky
kaspersky
KLA60726 DoS vulnerability in Mozilla Firefox ESR
2023-09-12 00:00:00
KLA60725 DoS vulnerability in Mozilla Thunderbird
2023-09-12 00:00:00
KLA60727 DoS vulnerability in Mozilla Firefox
2023-09-12 00:00:00
redhat
redhat
(RHSA-2023:5192) Important: firefox security update
2023-09-18 12:53:16
(RHSA-2023:5187) Important: firefox security update
2023-09-18 12:53:07
(RHSA-2023:5197) Important: firefox security update
2023-09-18 12:54:43
nessus
nessus
RHEL 8 : thunderbird (RHSA-2023:5186)
2023-09-18 00:00:00
RHEL 8 : firefox (RHSA-2023:5184)
2023-09-18 00:00:00
RHEL 8 : libwebp (RHSA-2023:5309)
2023-09-20 00:00:00
ubuntucve
ubuntucve
CVE-2023-5129
2023-09-25 00:00:00
osv
osv
CVE-2023-4863
2023-09-12 15:15:24
Important: thunderbird security update
2023-10-06 22:57:16
libwebp: OOB write in BuildHuffmanTable
2023-09-12 12:00:00
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2023-40) - Linux
2023-09-13 00:00:00
Fedora: Security Advisory for libwebp (FEDORA-2023-e692a72898)
2023-10-16 00:00:00
Fedora: Security Advisory for libwebp (FEDORA-2023-2a0668fe43)
2023-10-01 00:00:00
alpinelinux
alpinelinux
CVE-2023-5129
2023-09-25 21:15:16
redhatcve
redhatcve
CVE-2023-5129
2023-09-27 17:55:08
cnvd
cnvd
Google libwebp open source library remote code execution vulnerability
2023-09-27 00:00:00
Google Chrome Buffer Overflow Vulnerability (CNVD-2023-71680)
2023-09-15 00:00:00
github
github
Bundled libwebp in imagecodecs vulnerable
2023-10-05 00:07:46
Bundled libwebp in Pillow vulnerable
2023-10-05 00:06:58
nvd
nvd
CVE-2023-5129
2023-09-25 21:15:16
CVE-2023-4863
2023-09-12 15:15:24
attackerkb
attackerkb
CVE-2023-5129
2023-09-25 00:00:00
CVE-2023-4863
2023-09-12 00:00:00
rocky
rocky
thunderbird security update
2023-10-06 22:57:16
libwebp security update
2023-10-06 22:58:06
firefox security update
2023-09-19 12:09:00
prion
prion
Open redirect
2023-09-25 21:15:00
Heap overflow
2023-09-12 15:15:00
f5
f5
K000137054 : libwebp vulnerabilities CVE-2023-4863 and CVE-2023-5129
2023-09-29 00:00:00
cve
cve
CVE-2023-5129
2023-09-25 21:15:16
CVE-2023-4863
2023-09-12 15:15:24
photon
photon
Critical Photon OS Security Update - PHSA-2023-3.0-0657
2023-09-28 00:00:00
talosblog
talosblog
The security pitfalls of social media sites offering ID-based authentication
2023-09-28 18:00:11
debiancve
debiancve
CVE-2023-5129
2023-09-25 21:15:00
cvelist
cvelist
CVE-2023-5129
2023-09-25 20:42:25
CVE-2023-4863
2023-09-12 14:24:59
fedora
fedora
[SECURITY] Fedora 38 Update: firefox-118.0.1-4.fc38
2023-10-06 01:31:45
[SECURITY] Fedora 37 Update: firefox-118.0.1-7.fc37
2023-10-10 01:33:42
[SECURITY] Fedora 39 Update: libwebp-1.3.1-3.fc39
2023-09-15 19:54:26
redos
redos
ROS-20240404-15
2024-04-04 00:00:00
slackware
slackware
[slackware-security] mozilla-thunderbird
2023-09-14 02:32:34
[slackware-security] seamonkey
2023-09-21 19:43:16
freebsd
freebsd
graphics/webp heap buffer overflow
2023-09-12 00:00:00
libwebp heap buffer overflow
2023-09-12 00:00:00
paloalto
paloalto
Impact of libwebp Vulnerability CVE-2023-4863
2023-10-02 23:40:00
mageia
mageia
Updated libwebp packages fix a security vulnerability
2023-10-03 13:53:29
cgr
cgr
CVE-2023-4863 vulnerabilities
2024-05-19 03:07:16
oraclelinux
oraclelinux
thunderbird security update
2023-09-19 00:00:00
firefox security update
2023-09-19 00:00:00
libwebp security update
2023-09-20 00:00:00
hp
hp
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Google Chrome
2023-09-21 05:22:51
Exploit for Out-of-bounds Write in Google Chrome
2023-11-11 06:51:03
chrome
chrome
Stable Channel Update for Desktop
2023-09-11 00:00:00
thn
thn
ubuntu
ubuntu
Firefox vulnerability
2023-09-14 00:00:00
veracode
veracode
Heap Buffer Overflow
2023-09-15 13:45:13
almalinux
almalinux
Important: firefox security update
2023-09-18 00:00:00
amazon
amazon
Important: thunderbird
2023-10-12 15:08:00
Important: libwebp12
2023-10-12 15:08:00
Important: thunderbird
2023-10-12 15:08:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.609 Medium
EPSS
Percentile
97.8%
Related for MFSA2023-40