Lucene search

PRIOn knowledge basePRION:CVE-2023-6205

HistoryNov 21, 2023 - 3:15 p.m.

Code injection

2023-11-2115:15:00

PRIOn knowledge base

www.prio-n.com

code injection

messageport

exploitable crash

firefox

thunderbird

vulnerability

nvd

6.2 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

29.2%

JSON

It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

CPENameOperatorVersion
debian_linuxeq10.0
debian_linuxeq11.0
debian_linuxeq12.0
firefoxlt120.0
firefox_esrlt115.5.0
thunderbirdlt115.5

Name	Operator	Version
debian_linux	eq	10.0
debian_linux	eq	11.0
debian_linux	eq	12.0
firefox	lt	120.0
firefox_esr	lt	115.5.0
thunderbird	lt	115.5

References

bugzilla.mozilla.org/show_bug.cgi?id=1854076

lists.debian.org/debian-lts-announce/2023/11/msg00017.html

lists.debian.org/debian-lts-announce/2023/11/msg00030.html

www.debian.org/security/2023/dsa-5561

www.mozilla.org/security/advisories/mfsa2023-49/

www.mozilla.org/security/advisories/mfsa2023-50/

www.mozilla.org/security/advisories/mfsa2023-52/