Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-6862 (GCVE-0-2023-6862)
Vulnerability from cvelistv5 – Published: 2023-12-19 13:38 – Updated: 2025-02-13 17:26
VLAI
EPSS
Summary
A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6.
Severity
No CVSS data available.
CWE
- Use-after-free in nsDNSService
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox ESR |
Affected:
unspecified , < 115.6
(custom)
|
|
| Mozilla | Thunderbird |
Affected:
unspecified , < 115.6
(custom)
|
Credits
Randell Jesup
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:08.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1868042"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2023-54/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2023-55/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5581"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5582"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-10"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6862",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-12T20:20:08.739941Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T19:18:21.412Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "115.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "115.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Randell Jesup"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A use-after-free was identified in the \u003ccode\u003ensDNSService::Init\u003c/code\u003e. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR \u003c 115.6 and Thunderbird \u003c 115.6."
}
],
"value": "A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR \u003c 115.6 and Thunderbird \u003c 115.6."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-after-free in nsDNSService",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-07T11:07:08.929Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1868042"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-54/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-55/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5581"
},
{
"url": "https://www.debian.org/security/2023/dsa-5582"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html"
},
{
"url": "https://security.gentoo.org/glsa/202401-10"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2023-6862",
"datePublished": "2023-12-19T13:38:43.100Z",
"dateReserved": "2023-12-15T17:42:56.130Z",
"dateUpdated": "2025-02-13T17:26:37.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-6862",
"date": "2026-05-29",
"epss": "0.00441",
"percentile": "0.63514"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-6862\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2023-12-19T14:15:07.603\",\"lastModified\":\"2024-11-21T08:44:42.603\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR \u003c 115.6 and Thunderbird \u003c 115.6.\"},{\"lang\":\"es\",\"value\":\"Se identific\u00f3 un use after free en `nsDNSService::Init`. Este problema parece manifestarse raramente durante el inicio. Esta vulnerabilidad afecta a Firefox ESR \u0026lt;115.6 y Thunderbird \u0026lt;115.6.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"115.6\",\"matchCriteriaId\":\"46B36C5E-77B7-4FBF-8B7A-6F794C8B8B2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"115.6\",\"matchCriteriaId\":\"1856451B-B03F-4BF2-AEFE-BF66D82D9E78\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1868042\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Permissions Required\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202401-10\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5581\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5582\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2023-54/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2023-55/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1868042\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Permissions Required\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202401-10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5581\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5582\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2023-54/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2023-55/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1868042\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-54/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-55/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5581\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5582\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202401-10\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T08:42:08.103Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-6862\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-01-12T20:20:08.739941Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-25T19:18:16.861Z\"}}], \"cna\": {\"credits\": [{\"lang\": \"en\", \"value\": \"Randell Jesup\"}], \"affected\": [{\"vendor\": \"Mozilla\", \"product\": \"Firefox ESR\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"115.6\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Mozilla\", \"product\": \"Thunderbird\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"115.6\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1868042\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-54/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-55/\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5581\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5582\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html\"}, {\"url\": \"https://security.gentoo.org/glsa/202401-10\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR \u003c 115.6 and Thunderbird \u003c 115.6.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A use-after-free was identified in the \u003ccode\u003ensDNSService::Init\u003c/code\u003e. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR \u003c 115.6 and Thunderbird \u003c 115.6.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Use-after-free in nsDNSService\"}]}], \"providerMetadata\": {\"orgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"shortName\": \"mozilla\", \"dateUpdated\": \"2024-01-07T11:07:08.929Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-6862\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T17:26:37.198Z\", \"dateReserved\": \"2023-12-15T17:42:56.130Z\", \"assignerOrgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"datePublished\": \"2023-12-19T13:38:43.100Z\", \"assignerShortName\": \"mozilla\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
alsa-2024:0001
Vulnerability from osv_almalinux
Published
2024-01-02 00:00
Modified
2024-01-03 17:21
Summary
Important: thunderbird security update
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 115.6.0.
Security Fix(es):
- Mozilla: Heap-buffer-overflow affecting WebGL
DrawElementsInstancedmethod with Mesa VM driver (CVE-2023-6856) - Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 (CVE-2023-6864)
- Mozilla: S/MIME signature accepted despite mismatching message date (CVE-2023-50761)
- Mozilla: Truncated signed text was shown with a valid OpenPGP signature (CVE-2023-50762)
- Mozilla: Symlinks may resolve to smaller than expected buffers (CVE-2023-6857)
- Mozilla: Heap buffer overflow in
nsTextFragment(CVE-2023-6858) - Mozilla: Use-after-free in PR_GetIdentitiesLayer (CVE-2023-6859)
- Mozilla: Potential sandbox escape due to
VideoBridgelack of texture validation (CVE-2023-6860) - Mozilla: Heap buffer overflow affected
nsWindow::PickerOpen(void)in headless mode (CVE-2023-6861) - Mozilla: Use-after-free in
nsDNSService(CVE-2023-6862) - Mozilla: Undefined behavior in
ShutdownObserver()(CVE-2023-6863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "thunderbird"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "115.6.0-1.el9_3.alma"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 115.6.0.\n\nSecurity Fix(es):\n\n* Mozilla: Heap-buffer-overflow affecting WebGL \u003ccode\u003eDrawElementsInstanced\u003c/code\u003e method with Mesa VM driver (CVE-2023-6856)\n* Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 (CVE-2023-6864)\n* Mozilla: S/MIME signature accepted despite mismatching message date (CVE-2023-50761)\n* Mozilla: Truncated signed text was shown with a valid OpenPGP signature (CVE-2023-50762)\n* Mozilla: Symlinks may resolve to smaller than expected buffers (CVE-2023-6857)\n* Mozilla: Heap buffer overflow in \u003ccode\u003ensTextFragment\u003c/code\u003e (CVE-2023-6858)\n* Mozilla: Use-after-free in PR_GetIdentitiesLayer (CVE-2023-6859)\n* Mozilla: Potential sandbox escape due to \u003ccode\u003eVideoBridge\u003c/code\u003e lack of texture validation (CVE-2023-6860)\n* Mozilla: Heap buffer overflow affected \u003ccode\u003ensWindow::PickerOpen(void)\u003c/code\u003e in headless mode (CVE-2023-6861)\n* Mozilla: Use-after-free in \u003ccode\u003ensDNSService\u003c/code\u003e (CVE-2023-6862)\n* Mozilla: Undefined behavior in \u003ccode\u003eShutdownObserver()\u003c/code\u003e (CVE-2023-6863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2024:0001",
"modified": "2024-01-03T17:21:11Z",
"published": "2024-01-02T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:0001"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-50761"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-50762"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6856"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6857"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6858"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6859"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6860"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6861"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6862"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6863"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6864"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255360"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255362"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255363"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255364"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255365"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255367"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255368"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255369"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255370"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255378"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255379"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2024-0001.html"
}
],
"related": [
"CVE-2023-6856",
"CVE-2023-6864",
"CVE-2023-50761",
"CVE-2023-50762",
"CVE-2023-6857",
"CVE-2023-6858",
"CVE-2023-6859",
"CVE-2023-6860",
"CVE-2023-6861",
"CVE-2023-6862",
"CVE-2023-6863"
],
"summary": "Important: thunderbird security update"
}
alsa-2024:0003
Vulnerability from osv_almalinux
Published
2024-01-02 00:00
Modified
2024-01-04 14:33
Summary
Important: thunderbird security update
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 115.6.0.
Security Fix(es):
- Mozilla: Heap-buffer-overflow affecting WebGL
DrawElementsInstancedmethod with Mesa VM driver (CVE-2023-6856) - Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 (CVE-2023-6864)
- Mozilla: S/MIME signature accepted despite mismatching message date (CVE-2023-50761)
- Mozilla: Truncated signed text was shown with a valid OpenPGP signature (CVE-2023-50762)
- Mozilla: Symlinks may resolve to smaller than expected buffers (CVE-2023-6857)
- Mozilla: Heap buffer overflow in
nsTextFragment(CVE-2023-6858) - Mozilla: Use-after-free in PR_GetIdentitiesLayer (CVE-2023-6859)
- Mozilla: Potential sandbox escape due to
VideoBridgelack of texture validation (CVE-2023-6860) - Mozilla: Heap buffer overflow affected
nsWindow::PickerOpen(void)in headless mode (CVE-2023-6861) - Mozilla: Use-after-free in
nsDNSService(CVE-2023-6862) - Mozilla: Undefined behavior in
ShutdownObserver()(CVE-2023-6863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "thunderbird"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "115.6.0-1.el8_9.alma"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 115.6.0.\n\nSecurity Fix(es):\n\n* Mozilla: Heap-buffer-overflow affecting WebGL \u003ccode\u003eDrawElementsInstanced\u003c/code\u003e method with Mesa VM driver (CVE-2023-6856)\n* Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 (CVE-2023-6864)\n* Mozilla: S/MIME signature accepted despite mismatching message date (CVE-2023-50761)\n* Mozilla: Truncated signed text was shown with a valid OpenPGP signature (CVE-2023-50762)\n* Mozilla: Symlinks may resolve to smaller than expected buffers (CVE-2023-6857)\n* Mozilla: Heap buffer overflow in \u003ccode\u003ensTextFragment\u003c/code\u003e (CVE-2023-6858)\n* Mozilla: Use-after-free in PR_GetIdentitiesLayer (CVE-2023-6859)\n* Mozilla: Potential sandbox escape due to \u003ccode\u003eVideoBridge\u003c/code\u003e lack of texture validation (CVE-2023-6860)\n* Mozilla: Heap buffer overflow affected \u003ccode\u003ensWindow::PickerOpen(void)\u003c/code\u003e in headless mode (CVE-2023-6861)\n* Mozilla: Use-after-free in \u003ccode\u003ensDNSService\u003c/code\u003e (CVE-2023-6862)\n* Mozilla: Undefined behavior in \u003ccode\u003eShutdownObserver()\u003c/code\u003e (CVE-2023-6863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2024:0003",
"modified": "2024-01-04T14:33:51Z",
"published": "2024-01-02T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:0003"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-50761"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-50762"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6856"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6857"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6858"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6859"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6860"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6861"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6862"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6863"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6864"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255360"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255362"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255363"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255364"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255365"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255367"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255368"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255369"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255370"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255378"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255379"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2024-0003.html"
}
],
"related": [
"CVE-2023-6856",
"CVE-2023-6864",
"CVE-2023-50761",
"CVE-2023-50762",
"CVE-2023-6857",
"CVE-2023-6858",
"CVE-2023-6859",
"CVE-2023-6860",
"CVE-2023-6861",
"CVE-2023-6862",
"CVE-2023-6863"
],
"summary": "Important: thunderbird security update"
}
alsa-2024:0012
Vulnerability from osv_almalinux
Published
2024-01-02 00:00
Modified
2024-01-04 14:29
Summary
Important: firefox security update
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 115.6.0 ESR.
Security Fix(es):
- Mozilla: Heap-buffer-overflow affecting WebGL
DrawElementsInstancedmethod with Mesa VM driver (CVE-2023-6856) - Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 (CVE-2023-6864)
- Mozilla: Potential exposure of uninitialized data in
EncryptingOutputStream(CVE-2023-6865) - Mozilla: Symlinks may resolve to smaller than expected buffers (CVE-2023-6857)
- Mozilla: Heap buffer overflow in
nsTextFragment(CVE-2023-6858) - Mozilla: Use-after-free in PR_GetIdentitiesLayer (CVE-2023-6859)
- Mozilla: Potential sandbox escape due to
VideoBridgelack of texture validation (CVE-2023-6860) - Mozilla: Heap buffer overflow affected
nsWindow::PickerOpen(void)in headless mode (CVE-2023-6861) - Mozilla: Use-after-free in
nsDNSService(CVE-2023-6862) - Mozilla: Clickjacking permission prompts using the popup transition (CVE-2023-6867)
- Mozilla: Undefined behavior in
ShutdownObserver()(CVE-2023-6863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "firefox"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "115.6.0-1.el8_9.alma"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 115.6.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Heap-buffer-overflow affecting WebGL \u003ccode\u003eDrawElementsInstanced\u003c/code\u003e method with Mesa VM driver (CVE-2023-6856)\n* Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 (CVE-2023-6864)\n* Mozilla: Potential exposure of uninitialized data in \u003ccode\u003eEncryptingOutputStream\u003c/code\u003e (CVE-2023-6865)\n* Mozilla: Symlinks may resolve to smaller than expected buffers (CVE-2023-6857)\n* Mozilla: Heap buffer overflow in \u003ccode\u003ensTextFragment\u003c/code\u003e (CVE-2023-6858)\n* Mozilla: Use-after-free in PR_GetIdentitiesLayer (CVE-2023-6859)\n* Mozilla: Potential sandbox escape due to \u003ccode\u003eVideoBridge\u003c/code\u003e lack of texture validation (CVE-2023-6860)\n* Mozilla: Heap buffer overflow affected \u003ccode\u003ensWindow::PickerOpen(void)\u003c/code\u003e in headless mode (CVE-2023-6861)\n* Mozilla: Use-after-free in \u003ccode\u003ensDNSService\u003c/code\u003e (CVE-2023-6862)\n* Mozilla: Clickjacking permission prompts using the popup transition (CVE-2023-6867)\n* Mozilla: Undefined behavior in \u003ccode\u003eShutdownObserver()\u003c/code\u003e (CVE-2023-6863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2024:0012",
"modified": "2024-01-04T14:29:24Z",
"published": "2024-01-02T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:0012"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6856"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6857"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6858"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6859"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6860"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6861"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6862"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6863"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6864"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6865"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6867"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255360"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255361"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255362"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255363"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255364"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255365"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255366"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255367"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255368"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255369"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255370"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2024-0012.html"
}
],
"related": [
"CVE-2023-6856",
"CVE-2023-6864",
"CVE-2023-6865",
"CVE-2023-6857",
"CVE-2023-6858",
"CVE-2023-6859",
"CVE-2023-6860",
"CVE-2023-6861",
"CVE-2023-6862",
"CVE-2023-6867",
"CVE-2023-6863"
],
"summary": "Important: firefox security update"
}
alsa-2024:0025
Vulnerability from osv_almalinux
Published
2024-01-02 00:00
Modified
2024-01-03 17:14
Summary
Important: firefox security update
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 115.6.0 ESR.
Security Fix(es):
- Mozilla: Heap-buffer-overflow affecting WebGL
DrawElementsInstancedmethod with Mesa VM driver (CVE-2023-6856) - Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 (CVE-2023-6864)
- Mozilla: Potential exposure of uninitialized data in
EncryptingOutputStream(CVE-2023-6865) - Mozilla: Symlinks may resolve to smaller than expected buffers (CVE-2023-6857)
- Mozilla: Heap buffer overflow in
nsTextFragment(CVE-2023-6858) - Mozilla: Use-after-free in PR_GetIdentitiesLayer (CVE-2023-6859)
- Mozilla: Potential sandbox escape due to
VideoBridgelack of texture validation (CVE-2023-6860) - Mozilla: Heap buffer overflow affected
nsWindow::PickerOpen(void)in headless mode (CVE-2023-6861) - Mozilla: Use-after-free in
nsDNSService(CVE-2023-6862) - Mozilla: Clickjacking permission prompts using the popup transition (CVE-2023-6867)
- Mozilla: Undefined behavior in
ShutdownObserver()(CVE-2023-6863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "firefox"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "115.6.0-1.el9_3.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "firefox-x11"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "115.6.0-1.el9_3.alma"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 115.6.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Heap-buffer-overflow affecting WebGL \u003ccode\u003eDrawElementsInstanced\u003c/code\u003e method with Mesa VM driver (CVE-2023-6856)\n* Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 (CVE-2023-6864)\n* Mozilla: Potential exposure of uninitialized data in \u003ccode\u003eEncryptingOutputStream\u003c/code\u003e (CVE-2023-6865)\n* Mozilla: Symlinks may resolve to smaller than expected buffers (CVE-2023-6857)\n* Mozilla: Heap buffer overflow in \u003ccode\u003ensTextFragment\u003c/code\u003e (CVE-2023-6858)\n* Mozilla: Use-after-free in PR_GetIdentitiesLayer (CVE-2023-6859)\n* Mozilla: Potential sandbox escape due to \u003ccode\u003eVideoBridge\u003c/code\u003e lack of texture validation (CVE-2023-6860)\n* Mozilla: Heap buffer overflow affected \u003ccode\u003ensWindow::PickerOpen(void)\u003c/code\u003e in headless mode (CVE-2023-6861)\n* Mozilla: Use-after-free in \u003ccode\u003ensDNSService\u003c/code\u003e (CVE-2023-6862)\n* Mozilla: Clickjacking permission prompts using the popup transition (CVE-2023-6867)\n* Mozilla: Undefined behavior in \u003ccode\u003eShutdownObserver()\u003c/code\u003e (CVE-2023-6863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2024:0025",
"modified": "2024-01-03T17:14:01Z",
"published": "2024-01-02T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:0025"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6856"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6857"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6858"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6859"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6860"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6861"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6862"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6863"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6864"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6865"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-6867"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255360"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255361"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255362"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255363"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255364"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255365"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255366"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255367"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255368"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255369"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2255370"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2024-0025.html"
}
],
"related": [
"CVE-2023-6856",
"CVE-2023-6864",
"CVE-2023-6865",
"CVE-2023-6857",
"CVE-2023-6858",
"CVE-2023-6859",
"CVE-2023-6860",
"CVE-2023-6861",
"CVE-2023-6862",
"CVE-2023-6867",
"CVE-2023-6863"
],
"summary": "Important: firefox security update"
}
Title
Уязвимость файла nsDNSService::Init браузера Mozilla Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Description
Уязвимость файла nsDNSService::Init браузеров Mozilla Firefox ESR и почтового клиента Thunderbird связана с использованием памяти после её освобождения. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Severity
Vendor
ООО «РусБИТех-Астра», Сообщество свободного программного обеспечения, ООО «Ред Софт», АО «ИВК», Mozilla Corp., АО "НППКТ"
Software Name
Astra Linux Special Edition (запись в едином реестре российских программ №369), Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), АЛЬТ СП 10, Thunderbird, Firefox ESR, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)
Software Version
1.6 «Смоленск» (Astra Linux Special Edition), 10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), - (АЛЬТ СП 10), до 115.6 (Thunderbird), до 115.6 (Firefox ESR), до 2.10 (ОСОН ОСнова Оnyx)
Possible Mitigations
Использование рекомендаций:
Для программных продуктов Mozilla Corp.:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2023-6862
Для ОС Альт 8 СП (релиз 10): установка обновления из публичного репозитория программного средства
Для ОСОН ОСнова Оnyx (версия 2.10):
Обновление программного обеспечения thunderbird до версии 1:115.9.0+repack-1~deb10u1.osnova1
Обновление программного обеспечения firefox-esr до версии 115.8.0esr+repack-1~deb10u1.osnova1
Для ОС Astra Linux:
обновить пакет thunderbird до 1:115.12.0+build3-0ubuntu0.20.04.1+ci202406211519+astra2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17
Для РЕД ОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для Astra Linux Special Edition 1.6 «Смоленск»::
обновить пакет thunderbird до 1:115.12.1+build1-0ubuntu0.20.04.1~mt1+ci202406211521+astra2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16
Для Astra Linux Special Edition 4.7 для архитектуры ARM:
обновить пакет thunderbird до 1:115.16.0+build2-0ubuntu0.20.04.1~mt1+ci202410141704+astra2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47
Reference
https://cxsecurity.com/cveshow/CVE-2023-6862
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/
https://www.cybersecurity-help.cz/vdb/SB2023121946
https://security-tracker.debian.org/tracker/CVE-2023-6862
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.10/
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47
CWE
CWE-416
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, Mozilla Corp., \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), - (\u0410\u041b\u042c\u0422 \u0421\u041f 10), \u0434\u043e 115.6 (Thunderbird), \u0434\u043e 115.6 (Firefox ESR), \u0434\u043e 2.10 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Mozilla Corp.:\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-55/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-54/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2023-6862\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0440\u0435\u043b\u0438\u0437 10): \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0432\u0435\u0440\u0441\u0438\u044f 2.10):\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f thunderbird \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:115.9.0+repack-1~deb10u1.osnova1\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f firefox-esr \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 115.8.0esr+repack-1~deb10u1.osnova1\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 thunderbird \u0434\u043e 1:115.12.0+build3-0ubuntu0.20.04.1+ci202406211519+astra2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\n\n\u0414\u043b\u044f \u0420\u0415\u0414 \u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb::\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 thunderbird \u0434\u043e 1:115.12.1+build1-0ubuntu0.20.04.1~mt1+ci202406211521+astra2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7 \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 thunderbird \u0434\u043e 1:115.16.0+build2-0ubuntu0.20.04.1~mt1+ci202410141704+astra2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "19.12.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "11.11.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "25.12.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-09062",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-6862",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u041b\u042c\u0422 \u0421\u041f 10, Thunderbird, Firefox ESR, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Unix . , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u041b\u042c\u0422 \u0421\u041f 10 - , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.10 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0430\u0439\u043b\u0430 nsDNSService::Init \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Mozilla Firefox ESR \u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (CWE-416)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0430\u0439\u043b\u0430 nsDNSService::Init \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Mozilla Firefox ESR \u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0435\u0451 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "\u042d\u0442\u0430 \u043e\u0448\u0438\u0431\u043a\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 Firefox \u0442\u043e\u043b\u044c\u043a\u043e \u0432 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 \u043d\u0430 \u0431\u0430\u0437\u0435 Unix (Android, Linux, MacOS). Windows \u043d\u0435 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u0430.",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://cxsecurity.com/cveshow/CVE-2023-6862\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-55/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-54/\nhttps://www.cybersecurity-help.cz/vdb/SB2023121946\nhttps://security-tracker.debian.org/tracker/CVE-2023-6862\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.10/\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-416",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
CERTFR-2023-AVI-1048
Vulnerability from certfr_avis - Published: 2023-12-20 - Updated: 2023-12-20
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une atteinte à la confidentialité des données, une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox | Firefox versions antérieures à 121 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 115.6 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.6 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox versions ant\u00e9rieures \u00e0 121",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 115.6",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.6",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-6867",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6867"
},
{
"name": "CVE-2023-6862",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6862"
},
{
"name": "CVE-2023-50762",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50762"
},
{
"name": "CVE-2023-6857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6857"
},
{
"name": "CVE-2023-6858",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6858"
},
{
"name": "CVE-2023-6869",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6869"
},
{
"name": "CVE-2023-6135",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6135"
},
{
"name": "CVE-2023-6865",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6865"
},
{
"name": "CVE-2023-6868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6868"
},
{
"name": "CVE-2023-6861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6861"
},
{
"name": "CVE-2023-50761",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50761"
},
{
"name": "CVE-2023-6870",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6870"
},
{
"name": "CVE-2023-6871",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6871"
},
{
"name": "CVE-2023-6860",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6860"
},
{
"name": "CVE-2023-6864",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6864"
},
{
"name": "CVE-2023-6863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6863"
},
{
"name": "CVE-2023-6872",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6872"
},
{
"name": "CVE-2023-6859",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6859"
},
{
"name": "CVE-2023-6873",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6873"
},
{
"name": "CVE-2023-6856",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6856"
},
{
"name": "CVE-2023-6866",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6866"
}
],
"initial_release_date": "2023-12-20T00:00:00",
"last_revision_date": "2023-12-20T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-1048",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-12-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Mozilla\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par\nl\u0027\u00e9diteur, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une ex\u00e9cution\nde code arbitraire \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2023-56 du 19 d\u00e9cembre 2023",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2023-54 du 19 d\u00e9cembre 2023",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2023-55 du 19 d\u00e9cembre 2023",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/"
}
]
}
FKIE_CVE-2023-6862
Vulnerability from fkie_nvd - Published: 2023-12-19 14:15 - Updated: 2024-11-21 08:44
Severity
Summary
A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6.
References
| URL | Tags | ||
|---|---|---|---|
| security@mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1868042 | Issue Tracking, Permissions Required | |
| security@mozilla.org | https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html | Mailing List, Third Party Advisory | |
| security@mozilla.org | https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html | Mailing List, Third Party Advisory | |
| security@mozilla.org | https://security.gentoo.org/glsa/202401-10 | Third Party Advisory | |
| security@mozilla.org | https://www.debian.org/security/2023/dsa-5581 | Third Party Advisory | |
| security@mozilla.org | https://www.debian.org/security/2023/dsa-5582 | Third Party Advisory | |
| security@mozilla.org | https://www.mozilla.org/security/advisories/mfsa2023-54/ | Vendor Advisory | |
| security@mozilla.org | https://www.mozilla.org/security/advisories/mfsa2023-55/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=1868042 | Issue Tracking, Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202401-10 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2023/dsa-5581 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2023/dsa-5582 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mozilla.org/security/advisories/mfsa2023-54/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mozilla.org/security/advisories/mfsa2023-55/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | firefox_esr | * | |
| mozilla | thunderbird | * | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| debian | debian_linux | 12.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46B36C5E-77B7-4FBF-8B7A-6F794C8B8B2B",
"versionEndExcluding": "115.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1856451B-B03F-4BF2-AEFE-BF66D82D9E78",
"versionEndExcluding": "115.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR \u003c 115.6 and Thunderbird \u003c 115.6."
},
{
"lang": "es",
"value": "Se identific\u00f3 un use after free en `nsDNSService::Init`. Este problema parece manifestarse raramente durante el inicio. Esta vulnerabilidad afecta a Firefox ESR \u0026lt;115.6 y Thunderbird \u0026lt;115.6."
}
],
"id": "CVE-2023-6862",
"lastModified": "2024-11-21T08:44:42.603",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-19T14:15:07.603",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1868042"
},
{
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202401-10"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5581"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5582"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2023-54/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2023-55/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Permissions Required"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1868042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202401-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5582"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2023-54/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2023-55/"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-5X56-7CPG-238G
Vulnerability from github – Published: 2023-12-19 15:30 – Updated: 2023-12-22 12:31
VLAI
Details
A use-after-free was identified in the nsDNSService::Init. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6.
Severity
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2023-6862"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-19T14:15:07Z",
"severity": "HIGH"
},
"details": "A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR \u003c 115.6 and Thunderbird \u003c 115.6.",
"id": "GHSA-5x56-7cpg-238g",
"modified": "2023-12-22T12:31:46Z",
"published": "2023-12-19T15:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6862"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1868042"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202401-10"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5581"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5582"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-54"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-55"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2023-6862
Vulnerability from gsd - Updated: 2023-12-16 06:01Details
A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-6862"
],
"details": "A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR \u003c 115.6 and Thunderbird \u003c 115.6.",
"id": "GSD-2023-6862",
"modified": "2023-12-16T06:01:29.306967Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2023-6862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "unspecified",
"version_value": "115.6"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "unspecified",
"version_value": "115.6"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"credits": [
{
"lang": "en",
"value": "Randell Jesup"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR \u003c 115.6 and Thunderbird \u003c 115.6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free in nsDNSService"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1868042",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1868042"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2023-54/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-54/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2023-55/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-55/"
},
{
"name": "https://www.debian.org/security/2023/dsa-5581",
"refsource": "MISC",
"url": "https://www.debian.org/security/2023/dsa-5581"
},
{
"name": "https://www.debian.org/security/2023/dsa-5582",
"refsource": "MISC",
"url": "https://www.debian.org/security/2023/dsa-5582"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html"
},
{
"name": "https://security.gentoo.org/glsa/202401-10",
"refsource": "MISC",
"url": "https://security.gentoo.org/glsa/202401-10"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46B36C5E-77B7-4FBF-8B7A-6F794C8B8B2B",
"versionEndExcluding": "115.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1856451B-B03F-4BF2-AEFE-BF66D82D9E78",
"versionEndExcluding": "115.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR \u003c 115.6 and Thunderbird \u003c 115.6."
},
{
"lang": "es",
"value": "Se identific\u00f3 un use after free en `nsDNSService::Init`. Este problema parece manifestarse raramente durante el inicio. Esta vulnerabilidad afecta a Firefox ESR \u0026lt;115.6 y Thunderbird \u0026lt;115.6."
}
],
"id": "CVE-2023-6862",
"lastModified": "2024-02-02T02:42:37.010",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-19T14:15:07.603",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1868042"
},
{
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202401-10"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5581"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5582"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2023-54/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2023-55/"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
OPENSUSE-SU-2024:13519-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
MozillaThunderbird-115.6.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: MozillaThunderbird-115.6.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the MozillaThunderbird-115.6.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-13519
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
35 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2023-50761/ | self |
| https://www.suse.com/security/cve/CVE-2023-50762/ | self |
| https://www.suse.com/security/cve/CVE-2023-6856/ | self |
| https://www.suse.com/security/cve/CVE-2023-6857/ | self |
| https://www.suse.com/security/cve/CVE-2023-6858/ | self |
| https://www.suse.com/security/cve/CVE-2023-6859/ | self |
| https://www.suse.com/security/cve/CVE-2023-6860/ | self |
| https://www.suse.com/security/cve/CVE-2023-6861/ | self |
| https://www.suse.com/security/cve/CVE-2023-6862/ | self |
| https://www.suse.com/security/cve/CVE-2023-6863/ | self |
| https://www.suse.com/security/cve/CVE-2023-6864/ | self |
| https://www.suse.com/security/cve/CVE-2023-50761 | external |
| https://bugzilla.suse.com/1217974 | external |
| https://www.suse.com/security/cve/CVE-2023-50762 | external |
| https://bugzilla.suse.com/1217974 | external |
| https://www.suse.com/security/cve/CVE-2023-6856 | external |
| https://bugzilla.suse.com/1217974 | external |
| https://www.suse.com/security/cve/CVE-2023-6857 | external |
| https://bugzilla.suse.com/1217974 | external |
| https://www.suse.com/security/cve/CVE-2023-6858 | external |
| https://bugzilla.suse.com/1217974 | external |
| https://www.suse.com/security/cve/CVE-2023-6859 | external |
| https://bugzilla.suse.com/1217974 | external |
| https://www.suse.com/security/cve/CVE-2023-6860 | external |
| https://bugzilla.suse.com/1217974 | external |
| https://www.suse.com/security/cve/CVE-2023-6861 | external |
| https://bugzilla.suse.com/1217974 | external |
| https://www.suse.com/security/cve/CVE-2023-6862 | external |
| https://bugzilla.suse.com/1217974 | external |
| https://www.suse.com/security/cve/CVE-2023-6863 | external |
| https://bugzilla.suse.com/1217974 | external |
| https://www.suse.com/security/cve/CVE-2023-6864 | external |
| https://bugzilla.suse.com/1217974 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "MozillaThunderbird-115.6.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the MozillaThunderbird-115.6.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13519",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13519-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-50761 page",
"url": "https://www.suse.com/security/cve/CVE-2023-50761/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-50762 page",
"url": "https://www.suse.com/security/cve/CVE-2023-50762/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6856 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6857 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6858 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6859 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6860 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6860/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6861 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6862 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6863 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6864 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6864/"
}
],
"title": "MozillaThunderbird-115.6.0-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13519-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-115.6.0-1.1.aarch64",
"product": {
"name": "MozillaThunderbird-115.6.0-1.1.aarch64",
"product_id": "MozillaThunderbird-115.6.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"product": {
"name": "MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"product_id": "MozillaThunderbird-translations-common-115.6.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"product": {
"name": "MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"product_id": "MozillaThunderbird-translations-other-115.6.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-115.6.0-1.1.ppc64le",
"product": {
"name": "MozillaThunderbird-115.6.0-1.1.ppc64le",
"product_id": "MozillaThunderbird-115.6.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"product": {
"name": "MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"product_id": "MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"product": {
"name": "MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"product_id": "MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-115.6.0-1.1.s390x",
"product": {
"name": "MozillaThunderbird-115.6.0-1.1.s390x",
"product_id": "MozillaThunderbird-115.6.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"product": {
"name": "MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"product_id": "MozillaThunderbird-translations-common-115.6.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"product": {
"name": "MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"product_id": "MozillaThunderbird-translations-other-115.6.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-115.6.0-1.1.x86_64",
"product": {
"name": "MozillaThunderbird-115.6.0-1.1.x86_64",
"product_id": "MozillaThunderbird-115.6.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"product_id": "MozillaThunderbird-translations-common-115.6.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-115.6.0-1.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-other-115.6.0-1.1.x86_64",
"product_id": "MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-115.6.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64"
},
"product_reference": "MozillaThunderbird-115.6.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-115.6.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le"
},
"product_reference": "MozillaThunderbird-115.6.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-115.6.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x"
},
"product_reference": "MozillaThunderbird-115.6.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-115.6.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64"
},
"product_reference": "MozillaThunderbird-115.6.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-115.6.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64"
},
"product_reference": "MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le"
},
"product_reference": "MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-115.6.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x"
},
"product_reference": "MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-115.6.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-115.6.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64"
},
"product_reference": "MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le"
},
"product_reference": "MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-115.6.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x"
},
"product_reference": "MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-115.6.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-other-115.6.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-50761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-50761"
}
],
"notes": [
{
"category": "general",
"text": "The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be used to give recipients the impression that a message was sent at a different date or time. This vulnerability affects Thunderbird \u003c 115.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-50761",
"url": "https://www.suse.com/security/cve/CVE-2023-50761"
},
{
"category": "external",
"summary": "SUSE Bug 1217974 for CVE-2023-50761",
"url": "https://bugzilla.suse.com/1217974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-50761"
},
{
"cve": "CVE-2023-50762",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-50762"
}
],
"notes": [
{
"category": "general",
"text": "When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a different context, such as a signed GIT commit, could be used to spoof an email message. This vulnerability affects Thunderbird \u003c 115.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-50762",
"url": "https://www.suse.com/security/cve/CVE-2023-50762"
},
{
"category": "external",
"summary": "SUSE Bug 1217974 for CVE-2023-50762",
"url": "https://bugzilla.suse.com/1217974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-50762"
},
{
"cve": "CVE-2023-6856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6856"
}
],
"notes": [
{
"category": "general",
"text": "The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR \u003c 115.6, Thunderbird \u003c 115.6, and Firefox \u003c 121.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6856",
"url": "https://www.suse.com/security/cve/CVE-2023-6856"
},
{
"category": "external",
"summary": "SUSE Bug 1217974 for CVE-2023-6856",
"url": "https://bugzilla.suse.com/1217974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-6856"
},
{
"cve": "CVE-2023-6857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6857"
}
],
"notes": [
{
"category": "general",
"text": "When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. \n*This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR \u003c 115.6, Thunderbird \u003c 115.6, and Firefox \u003c 121.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6857",
"url": "https://www.suse.com/security/cve/CVE-2023-6857"
},
{
"category": "external",
"summary": "SUSE Bug 1217974 for CVE-2023-6857",
"url": "https://bugzilla.suse.com/1217974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-6857"
},
{
"cve": "CVE-2023-6858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6858"
}
],
"notes": [
{
"category": "general",
"text": "Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR \u003c 115.6, Thunderbird \u003c 115.6, and Firefox \u003c 121.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6858",
"url": "https://www.suse.com/security/cve/CVE-2023-6858"
},
{
"category": "external",
"summary": "SUSE Bug 1217974 for CVE-2023-6858",
"url": "https://bugzilla.suse.com/1217974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-6858"
},
{
"cve": "CVE-2023-6859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6859"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR \u003c 115.6, Thunderbird \u003c 115.6, and Firefox \u003c 121.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6859",
"url": "https://www.suse.com/security/cve/CVE-2023-6859"
},
{
"category": "external",
"summary": "SUSE Bug 1217974 for CVE-2023-6859",
"url": "https://bugzilla.suse.com/1217974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-6859"
},
{
"cve": "CVE-2023-6860",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6860"
}
],
"notes": [
{
"category": "general",
"text": "The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR \u003c 115.6, Thunderbird \u003c 115.6, and Firefox \u003c 121.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6860",
"url": "https://www.suse.com/security/cve/CVE-2023-6860"
},
{
"category": "external",
"summary": "SUSE Bug 1217974 for CVE-2023-6860",
"url": "https://bugzilla.suse.com/1217974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-6860"
},
{
"cve": "CVE-2023-6861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6861"
}
],
"notes": [
{
"category": "general",
"text": "The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR \u003c 115.6, Thunderbird \u003c 115.6, and Firefox \u003c 121.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6861",
"url": "https://www.suse.com/security/cve/CVE-2023-6861"
},
{
"category": "external",
"summary": "SUSE Bug 1217974 for CVE-2023-6861",
"url": "https://bugzilla.suse.com/1217974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-6861"
},
{
"cve": "CVE-2023-6862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6862"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR \u003c 115.6 and Thunderbird \u003c 115.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6862",
"url": "https://www.suse.com/security/cve/CVE-2023-6862"
},
{
"category": "external",
"summary": "SUSE Bug 1217974 for CVE-2023-6862",
"url": "https://bugzilla.suse.com/1217974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-6862"
},
{
"cve": "CVE-2023-6863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6863"
}
],
"notes": [
{
"category": "general",
"text": "The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR \u003c 115.6, Thunderbird \u003c 115.6, and Firefox \u003c 121.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6863",
"url": "https://www.suse.com/security/cve/CVE-2023-6863"
},
{
"category": "external",
"summary": "SUSE Bug 1217974 for CVE-2023-6863",
"url": "https://bugzilla.suse.com/1217974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-6863"
},
{
"cve": "CVE-2023-6864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6864"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 115.6, Thunderbird \u003c 115.6, and Firefox \u003c 121.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6864",
"url": "https://www.suse.com/security/cve/CVE-2023-6864"
},
{
"category": "external",
"summary": "SUSE Bug 1217974 for CVE-2023-6864",
"url": "https://bugzilla.suse.com/1217974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.6.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-6864"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…