CVE-2023-0767Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer19 documents9 sources
Severity
8.8HIGHNVD
OSV7.5OSV6.5
EPSS
0.3%
top 49.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird+1 more
Timeline
PublishedJun 2
Latest updateJul 15

Description

An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages11 packages

CVEListV5mozilla/firefoxunspecified110
NVDmozilla/firefox< 110.0
CVEListV5mozilla/firefox_esrunspecified102.8
NVDmozilla/firefox_esr< 102.8
Ubuntumozilla/firefox< 110.0+build3-0ubuntu0.18.04.1+3

🔴Vulnerability Details

8
GHSA
GHSA-687w-wqw8-qq8j: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mis2023-06-02
OSV
CVE-2023-0767: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mis2023-06-02
CVEList
CVE-2023-0767: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mis2023-06-02
OSV
thunderbird vulnerabilities2023-03-13
OSV
nss vulnerability2023-03-06

📋Vendor Advisories

10
Oracle
Oracle Oracle Communications Risk Matrix: Platform (NSS) — CVE-2023-07672023-07-15
Ubuntu
Thunderbird vulnerabilities2023-03-13
Ubuntu
NSS vulnerability2023-03-06
Ubuntu
NSS vulnerabilities2023-02-27
Ubuntu
Firefox vulnerabilities2023-02-20
CVE-2023-0767 — Mozilla Firefox vulnerability | cvebase