CVE-2023-37211

Summary

CVE	CVE-2023-37211
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-07-05 10:15:00 UTC
Updated	2023-07-12 10:15:00 UTC
Description	Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

Risk And Classification

Problem Types: CWE-787

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	11.0	All	All	All
Operating System	Debian	Debian Linux	12.0	All	All	All
Application	Mozilla	Firefox	All	All	All	All
Application	Mozilla	Firefox Esr	All	All	All	All
Application	Mozilla	Thunderbird	All	All	All	All

References

Reference	Source	Link	Tags
Debian -- Security Information -- DSA-5451-1 thunderbird	MISC	www.debian.org
Security Vulnerabilities fixed in Firefox ESR 102.13 — Mozilla	MISC	www.mozilla.org
Security Vulnerabilities fixed in Firefox 115 — Mozilla	MISC	www.mozilla.org
Security Vulnerabilities fixed in Thunderbird 102.13 — Mozilla	MISC	www.mozilla.org
Bug List	MISC	bugzilla.mozilla.org
Debian -- Security Information -- DSA-5450-1 firefox-esr	MISC	www.debian.org
[SECURITY] [DLA 3490-1] thunderbird security update	MISC	lists.debian.org
[SECURITY] [DLA 3484-1] firefox-esr security update	MISC	lists.debian.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

160779 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2023-4062)
160780 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2023-4064)
160781 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2023-4063)
160782 Oracle Enterprise Linux Security Update for firefox (ELSA-2023-4076)
160783 Oracle Enterprise Linux Security Update for firefox (ELSA-2023-4071)
160805 Oracle Enterprise Linux Security Update for firefox (ELSA-2023-4079)
199447 Ubuntu Security Notification for Firefox Vulnerabilities (USN-6201-1)
199457 Ubuntu Security Notification for Thunderbird Vulnerabilities (USN-6214-1)
199467 Ubuntu Security Notification for SpiderMonkey Vulnerabilities (USN-6227-1)
241793 Red Hat Update for firefox (RHSA-2023:4069)
241794 Red Hat Update for thunderbird (RHSA-2023:4063)
241795 Red Hat Update for firefox (RHSA-2023:4070)
241796 Red Hat Update for thunderbird (RHSA-2023:4065)
241800 Red Hat Update for firefox (RHSA-2023:4073)
241801 Red Hat Update for thunderbird (RHSA-2023:4062)
241802 Red Hat Update for thunderbird (RHSA-2023:4068)
241803 Red Hat Update for firefox (RHSA-2023:4079)
241804 Red Hat Update for firefox (RHSA-2023:4071)
241806 Red Hat Update for thunderbird (RHSA-2023:4064)
241807 Red Hat Update for firefox (RHSA-2023:4075)
241808 Red Hat Update for thunderbird (RHSA-2023:4074)
241809 Red Hat Update for firefox (RHSA-2023:4072)
241810 Red Hat Update for thunderbird (RHSA-2023:4067)
241812 Red Hat Update for thunderbird (RHSA-2023:4066)
241813 Red Hat Update for firefox (RHSA-2023:4076)
296103 Oracle Solaris 11.4 Support Repository Update (SRU) 61.151.2 Missing (CPUJUL2023)
355696 Amazon Linux Security Advisory for thunderbird : ALAS2-2023-2156
356273 Amazon Linux Security Advisory for firefox : ALASFIREFOX-2023-001
356501 Amazon Linux Security Advisory for firefox : ALAS2FIREFOX-2023-001
378628 Mozilla Firefox ESR Multiple Vulnerabilities (MFSA2023-23)
378629 Mozilla Thunderbird Multiple Vulnerabilities (MFSA2023-24)
378630 Mozilla Firefox Multiple Vulnerabilities (MFSA2023-22)
503457 Alpine Linux Security Update for firefox-esr
506065 Alpine Linux Security Update for firefox-esr
6000007 Debian Security Update for thunderbird (DSA 5451-1)
6000101 Debian Security Update for thunderbird (DLA 3490-1)
6000107 Debian Security Update for firefox-esr (DLA 3484-1)
6000232 Debian Security Update for firefox-esr (DSA 5450-1)
710875 Gentoo Linux Mozilla Thunderbird Multiple Vulnerabilities (GLSA 202402-25)
754172 SUSE Enterprise Linux Security Update for MozillaFirefox, MozillaFirefox-branding-SLE (SUSE-SU-2023:2850-1)
754173 SUSE Enterprise Linux Security Update for MozillaFirefox, MozillaFirefox-branding-SLE (SUSE-SU-2023:2849-1)
754193 SUSE Enterprise Linux Security Update for MozillaFirefox, MozillaFirefox-branding-SLE (SUSE-SU-2023:2886-1)
941178 AlmaLinux Security Update for firefox (ALSA-2023:4076)
941179 AlmaLinux Security Update for thunderbird (ALSA-2023:4063)
941180 AlmaLinux Security Update for firefox (ALSA-2023:4071)
941181 AlmaLinux Security Update for thunderbird (ALSA-2023:4064)
960958 Rocky Linux Security Update for firefox (RLSA-2023:4071)