CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score: 8.8 High (Confidence: High)
EPSS: 0.002 Low (Percentile: 52.8%)
Software: thunderbird 102.14.0
OS: rosa-server79
package_evr_string: thunderbird-102.14.0-3.res7.x86_64.rpm
CVE-ID: CVE-2023-3417
BDU-ID: 2023-03965
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Thunderbird email client exists due to improper handling of the Unicode character for overriding text direction in file names. Exploitation of the vulnerability could allow an attacker acting remotely to conduct spoofing attacks.
CVE-STATUS: Fixed
CVE-REV: Run yum update firefox to close it
CVE-ID: CVE-2023-4045
BDU-ID: 2023-04326
CVE-Crit: CRITICAL
CVE-DESC.: A vulnerability in the OffscreenCanvas feature of the Firefox and Firefox ESR browsers is related to the use of an untrusted cross-domain policy file. Exploitation of the vulnerability allows an attacker acting remotely to execute arbitrary code.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update firefox command
CVE-ID: CVE-2023-4046
BDU-ID: 2023-04327
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the WASM JIT component of the Firefox and Firefox ESR browsers is related to incorrect resource sweep or release. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update firefox command
CVE-ID: CVE-2023-4047
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: A bug in the calculation of pop-up notification delay could allow an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14 and Firefox ESR < 115.1.
CVE-STATUS: Fixed
CVE-REV: To close, execute the yum update firefox command
CVE-ID: CVE-2023-4048
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: Reading outside of bounds could cause HTML parsing with DOMParser to fail in memory-starved situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14 and Firefox ESR < 115.1.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update firefox command
CVE-ID: CVE-2023-4049
BDU-ID: 2023-04325
CVE-Crit: CRITICAL
CVE-DESC.: A vulnerability in the Firefox and Firefox ESR browsers is related to use of memory after it has been freed. Exploitation of the vulnerability allows an attacker acting remotely to execute arbitrary code.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update firefox command
CVE-ID: CVE-2023-4050
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: In some cases, an unreliable input stream was copied to the stack buffer without checking its size. This resulted in a potentially dangerous crash that could lead to a sandbox exit. This vulnerability affects Firefox < 116, Firefox ESR < 102.14 and Firefox ESR < 115.1.
CVE-STATUS: Fixed
CVE-REV: To close, execute the yum update firefox command
CVE-ID: CVE-2023-4055
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: When the number of cookies per domain was exceeded in “document.cookie”, the actual cookie sent to the host no longer matched the expected cookie state. This could have resulted in requests being sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14 and Firefox ESR < 115.1.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update firefox command
CVE-ID: CVE-2023-4056
BDU-ID: None
CVE-Crit: CRITICAL
CVE-DESC.: Memory security errors present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these errors indicated memory corruption, and we suspect that with enough effort, some of them could be exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14 and Firefox ESR < 115.1.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update firefox command
CVE-ID: CVE-2023-4057
BDU-ID: None
CVE-Crit: CRITICAL
CVE-DESC.: Memory security errors present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these errors indicated memory corruption, and we hypothesize that with enough effort, some of them could be exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 115.1 and Thunderbird < 115.1.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update firefox command
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
rosa | any | noarch | thunderbird | < 102.14.0 | UNKNOWN |