CVE-2023-29532

2023-06-1900:00:00

ubuntu.com

mozilla maintenance service

unsigned update

smb server

windows

vulnerability

firefox

thunderbird

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

Percentile

5.1%

JSON

A local attacker can trick the Mozilla Maintenance Service into applying an
unsigned update file by pointing the service at an update file on a
malicious SMB server. The update file can be replaced after the signature
check, before the use, because the write-lock requested by the service does
not work on a SMB server. Note: This attack requires local system access
and only affects Windows. Other operating systems are not affected. This
vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird
< 102.10.

Notes

Author	Note
tyhicks	mozjs contains a copy of the SpiderMonkey JavaScript engine
mdeslaur	starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap
rodrigo-zaiden	macOS issue only

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchmozjs38< anyUNKNOWN
ubuntu18.04noarchmozjs52< anyUNKNOWN
ubuntu20.04noarchmozjs52< anyUNKNOWN
ubuntu20.04noarchmozjs68< anyUNKNOWN
ubuntu22.04noarchmozjs78< anyUNKNOWN
ubuntu22.04noarchmozjs91< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	mozjs38	< any	UNKNOWN
ubuntu	18.04	noarch	mozjs52	< any	UNKNOWN
ubuntu	20.04	noarch	mozjs52	< any	UNKNOWN
ubuntu	20.04	noarch	mozjs68	< any	UNKNOWN
ubuntu	22.04	noarch	mozjs78	< any	UNKNOWN
ubuntu	22.04	noarch	mozjs91	< any	UNKNOWN