CVE-2023-0767
Summary
| CVE | CVE-2023-0767 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-06-02 17:15:00 UTC |
| Updated | 2023-08-02 16:45:00 UTC |
| Description | An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Mozilla | Firefox | All | All | All | All |
| Application | Mozilla | Firefox Esr | All | All | All | All |
| Application | Mozilla | Thunderbird | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Vulnerabilities fixed in Firefox 110 — Mozilla | MISC | www.mozilla.org | |
| ALAS2-2023-1992 | MISC | alas.aws.amazon.com | |
| Access Denied | MISC | bugzilla.mozilla.org | |
| Security Vulnerabilities fixed in Firefox ESR 102.8 — Mozilla | MISC | www.mozilla.org | |
| Security Vulnerabilities fixed in Thunderbird 102.8 — Mozilla | MISC | www.mozilla.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160463 Oracle Enterprise Linux Security Update for firefox (ELSA-2023-0808)
- 160464 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2023-0821)
- 160465 Oracle Enterprise Linux Security Update for firefox (ELSA-2023-0812)
- 160466 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2023-0817)
- 160467 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2023-0824)
- 160468 Oracle Enterprise Linux Security Update for firefox (ELSA-2023-0810)
- 160504 Oracle Enterprise Linux Security Update for nss (ELSA-2023-1252)
- 160511 Oracle Enterprise Linux Security Update for nss (ELSA-2023-1332)
- 160514 Oracle Enterprise Linux Security Update for nss (ELSA-2023-1368)
- 160536 Oracle Enterprise Linux Security Update for nss (ELSA-2023-12238)
- 181561 Debian Security Update for firefox-esr (DSA 5350-1)
- 181562 Debian Security Update for firefox-esr (DLA 3319-1)
- 181592 Debian Security Update for thunderbird (DLA 3324-1)
- 181594 Debian Security Update for nss (DLA 3327-1)
- 181680 Debian Security Update for thunderbird (DSA 5355-1)
- 181681 Debian Security Update for nss (DSA 5353-1)
- 184475 Debian Security Update for firefox-esrthunderbirdnss (CVE-2023-0767)
- 199184 Ubuntu Security Notification for Firefox Vulnerabilities (USN-5880-1)
- 199190 Ubuntu Security Notification for NSS Vulnerabilities (USN-5892-1)
- 199234 Ubuntu Security Notification for Thunderbird Vulnerabilities (USN-5943-1)
- 199495 Ubuntu Security Notification for NSS Vulnerability (USN-5892-2)
- 241188 Red Hat Update for firefox (RHSA-2023:0809)
- 241189 Red Hat Update for firefox (RHSA-2023:0805)
- 241190 Red Hat Update for firefox (RHSA-2023:0810)
- 241191 Red Hat Update for firefox (RHSA-2023:0807)
- 241192 Red Hat Update for firefox (RHSA-2023:0808)
- 241193 Red Hat Update for firefox (RHSA-2023:0812)
- 241194 Red Hat Update for thunderbird (RHSA-2023:0821)
- 241195 Red Hat Update for thunderbird (RHSA-2023:0820)
- 241197 Red Hat Update for thunderbird (RHSA-2023:0822)
- 241198 Red Hat Update for thunderbird (RHSA-2023:0817)
- 241199 Red Hat Update for thunderbird (RHSA-2023:0824)
- 241200 Red Hat Update for thunderbird (RHSA-2023:0823)
- 241262 Red Hat Update for nss (RHSA-2023:1252)
- 241271 Red Hat Update for nss (RHSA-2023:1332)
- 241277 Red Hat Update for nss (RHSA-2023:1368)
- 241279 Red Hat Update for nss (RHSA-2023:1365)
- 241281 Red Hat Update for nss (RHSA-2023:1369)
- 241282 Red Hat Update for nss (RHSA-2023:1370)
- 241597 Red Hat Update for firefox (RHSA-2023:1479)
- 241613 Red Hat Update for nss (RHSA-2023:1406)
- 241630 Red Hat Update for nss (RHSA-2023:1436)
- 257223 CentOS Security Update for thunderbird (CESA-2023:0817)
- 257224 CentOS Security Update for firefox (CESA-2023:0812)
- 257230 CentOS Security Update for nss (CESA-2023:1332)
- 354801 Amazon Linux Security Advisory for thunderbird : ALAS2-2023-1983
- 354832 Amazon Linux Security Advisory for nss : ALAS2-2023-1992
- 354927 Amazon Linux Security Advisory for nss : ALAS-2023-1736
- 355146 Amazon Linux Security Advisory for nss : ALAS2023-2023-124
- 355382 Amazon Linux Security Advisory for nss : AL2012-2023-411
- 356258 Amazon Linux Security Advisory for firefox : ALASFIREFOX-2023-007
- 356471 Amazon Linux Security Advisory for firefox : ALAS2FIREFOX-2023-007
- 377975 Mozilla Firefox Multiple Vulnerabilities (MFSA2023-05)
- 377976 Mozilla Firefox ESR Multiple Vulnerabilities (MFSA2023-06)
- 377993 Mozilla Thunderbird Multiple Vulnerabilities (MFSA2023-07)
- 378774 Alibaba Cloud Linux Security Update for nss (ALINUX3-SA-2023:0094)
- 390279 Oracle Managed Virtualization (VM) Server for x86 Security Update for nss (OVMSA-2023-0014)
- 503455 Alpine Linux Security Update for firefox-esr
- 506063 Alpine Linux Security Update for firefox-esr
- 710735 Gentoo Linux Mozilla Thunderbird Multiple Vulnerabilities (GLSA 202305-36)
- 710739 Gentoo Linux Mozilla Firefox Multiple Vulnerabilities (GLSA 202305-35)
- 753710 SUSE Enterprise Linux Security Update for mozilla-nss (SUSE-SU-2023:0434-1)
- 753716 SUSE Enterprise Linux Security Update for mozilla-nss (SUSE-SU-2023:0443-1)
- 753724 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2023:0461-1)
- 753729 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2023:0466-1)
- 753731 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2023:0469-1)
- 753777 SUSE Enterprise Linux Security Update for mozilla-nss (SUSE-SU-2023:0468-1)
- 754204 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2023:0469-1)
- 940934 AlmaLinux Security Update for firefox (ALSA-2023:0808)
- 940935 AlmaLinux Security Update for thunderbird (ALSA-2023:0821)
- 940939 AlmaLinux Security Update for firefox (ALSA-2023:0810)
- 940940 AlmaLinux Security Update for thunderbird (ALSA-2023:0824)
- 940959 AlmaLinux Security Update for nss (ALSA-2023:1252)
- 940964 AlmaLinux Security Update for nss (ALSA-2023:1368)
- 960654 Rocky Linux Security Update for thunderbird (RLSA-2023:0821)
- 960659 Rocky Linux Security Update for thunderbird (RLSA-2023:0824)
- 960660 Rocky Linux Security Update for firefox (RLSA-2023:0808)
- 960663 Rocky Linux Security Update for firefox (RLSA-2023:0810)
- 960883 Rocky Linux Security Update for nss (RLSA-2023:1252)
- 960885 Rocky Linux Security Update for nss (RLSA-2023:1368)