Lucene search

[email protected]NVD:CVE-2023-37201

HistoryJul 05, 2023 - 9:15 a.m.

CVE-2023-37201

2023-07-0509:15:09

CWE-416

[email protected]

web.nvd.nist.gov

use-after-free

webrtc

https

firefox

thunderbird

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0.003

Percentile

66.2%

JSON

An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

Affected configurations

Nvd

Node

mozillafirefoxRange<115.0

mozillafirefox_esrRange<102.13

mozillathunderbirdRange<102.13

Node

debiandebian_linuxMatch10.0

debiandebian_linuxMatch11.0

debiandebian_linuxMatch12.0

References

bugzilla.mozilla.org/show_bug.cgi?id=1826002

lists.debian.org/debian-lts-announce/2023/07/msg00006.html

lists.debian.org/debian-lts-announce/2023/07/msg00015.html

www.debian.org/security/2023/dsa-5450

www.debian.org/security/2023/dsa-5451

www.mozilla.org/security/advisories/mfsa2023-22/

www.mozilla.org/security/advisories/mfsa2023-23/

www.mozilla.org/security/advisories/mfsa2023-24/

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0.003

Percentile

66.2%

JSON

Related for NVD:CVE-2023-37201