CVE-2023-0767
published 2023-06-02CVE-2023-0767: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled…
PriorityP347high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EPSS
0.82%
52.6th percentile
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Affected
31 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 110.0-1 (sid) | firefox 110.0-1 (sid) |
| debian | firefox-esr | < firefox 110.0-1 (sid) | firefox 110.0-1 (sid) |
| debian | nss | < firefox 110.0-1 (sid) | firefox 110.0-1 (sid) |
| debian | thunderbird | < firefox 110.0-1 (sid) | firefox 110.0-1 (sid) |
| mozilla | firefox | < 110.0 | 110.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 110.0+build3-0ubuntu0.18.04.1 | 110.0+build3-0ubuntu0.18.04.1 |
| mozilla | firefox | >= 0 < 110.0.1+build2-0ubuntu0.18.04.1 | 110.0.1+build2-0ubuntu0.18.04.1 |
| mozilla | firefox | >= 0 < 110.0+build3-0ubuntu0.20.04.1 | 110.0+build3-0ubuntu0.20.04.1 |
| mozilla | firefox | >= 0 < 110.0.1+build2-0ubuntu0.20.04.1 | 110.0.1+build2-0ubuntu0.20.04.1 |
| mozilla | firefox | >= unspecified < 110 | 110 |
| mozilla | firefox_esr | < 102.8 | 102.8 |
| mozilla | firefox_esr | >= unspecified < 102.8 | 102.8 |
| mozilla | nss | >= 0 < 2:3.61-1+deb11u3 | 2:3.61-1+deb11u3 |
| mozilla | nss | >= 0 < 2:3.87.1-1 | 2:3.87.1-1 |
| mozilla | nss | >= 0 < 2:3.87.1-1 | 2:3.87.1-1 |
| mozilla | nss | >= 0 < 2:3.87.1-1 | 2:3.87.1-1 |
| mozilla | nss | >= 0 < 2:3.35-2ubuntu2.16 | 2:3.35-2ubuntu2.16 |
| mozilla | nss | >= 0 < 2:3.49.1-1ubuntu1.9 | 2:3.49.1-1ubuntu1.9 |
| mozilla | nss | >= 0 < 2:3.68.2-0ubuntu1.2 | 2:3.68.2-0ubuntu1.2 |
| mozilla | nss | >= 0 < 2:3.28.4-0ubuntu0.14.04.5+esm12 | 2:3.28.4-0ubuntu0.14.04.5+esm12 |
| mozilla | nss | >= 0 < 2:3.28.4-0ubuntu0.16.04.14+esm4 | 2:3.28.4-0ubuntu0.16.04.14+esm4 |
| mozilla | thunderbird | < 102.8 | 102.8 |
| mozilla | thunderbird | >= 0 < 1:102.8.0-1~deb11u1 | 1:102.8.0-1~deb11u1 |
| mozilla | thunderbird | >= 0 < 1:102.8.0-1 | 1:102.8.0-1 |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv8.8HIGH
vendor_debian8.8HIGH
vendor_oracle8.8HIGH
vendor_redhat8.8HIGH
vendor_ubuntu8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Oracle
Oracle Oracle Communications Risk Matrix: Platform (NSS) — CVE-2023-0767
vendor_oracle·2023-07-15·CVSS 8.8
CVE-2023-0767 [HIGH] Oracle Oracle Communications Risk Matrix: Platform (NSS) — CVE-2023-0767
Oracle Oracle Communications Risk Matrix: Platform (NSS) vulnerability
CVE: CVE-2023-0767
CVSS: 8.8
Protocol: TLS
Remote exploit: Yes
Affected versions: Network
Advisory: cpujul2023 (JUL 2023)
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2023-03-13·CVSS 6.5
CVE-2023-25737 [MEDIUM] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code. (CVE-2023-0616, CVE-2023-25735,
CVE-2023-25737, CVE-2023-25739, CVE-2023-25729, CVE-2023-25742,
CVE-2023-25746)
Johan Carlsson discovered that Thunderbird did not properly implement CSP
policy on a header when using iframes. An attacker could potentially
exploits this to exfiltrate data. (CVE-2023-25728)
Irvan Kurniawan discovered that Thunderbird was not properly handling
Ubuntu
NSS vulnerability
vendor_ubuntu·2023-03-06·CVSS 8.8
CVE-2023-0767 [HIGH] NSS vulnerability
Title: NSS vulnerability
Summary: NSS could be made to crash if it received a specially crafted certificate.
USN-5892-1 fixed a vulnerability in NSS. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
Christian Holler discovered that NSS incorrectly handled certain PKCS 12
certificated bundles. A remote attacker could use this issue to cause NSS
to crash, leading to a denial of service, or possibly execute arbitrary
code. (CVE-2023-0767)
Instructions: After a standard system update you need to restart any applications that
use NSS to make all the necessary changes.
Ubuntu
Firefox regressions
vendor_ubuntu·2023-03-01·CVSS 8.8
[HIGH] Firefox regressions
Title: Firefox regressions
Summary: USN-5880-1 caused some minor regressions in Firefox.
USN-5880-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Christian Holler discovered that Firefox did not properly manage memory
when using PKCS 12 Safe Bag attributes. An attacker could construct a
PKCS 12 cert bundle in such a way that could allow for arbitrary memory
writes. (CVE-2023-0767)
Johan Carlsson discovered that Firefox did not properly manage child
iframe's unredacted URI when using Content-Security-Policy-Report-Only
header. An attacker could potentially exploits this to obtain sensitive
information. (CVE-2023-25728)
Vitor Torres discovered that Firefox
Ubuntu
NSS vulnerabilities
vendor_ubuntu·2023-02-27·CVSS 7.5
CVE-2022-3479 [HIGH] NSS vulnerabilities
Title: NSS vulnerabilities
Summary: Several security issues were fixed in NSS.
It was discovered that NSS incorrectly handled client authentication
without a user certificate in the database. A remote attacker could
possibly use this issue to cause a NSS client to crash, resulting in a
denial of service. This issue only affected Ubuntu 22.10. (CVE-2022-3479)
Christian Holler discovered that NSS incorrectly handled certain PKCS 12
certificated bundles. A remote attacker could use this issue to cause NSS
to crash, leading to a denial of service, or possibly execute arbitrary
code. (CVE-2023-0767)
Instructions: After a standard system update you need to restart any applications that
use NSS to make all the necessary changes.
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2023-02-20·CVSS 8.8
CVE-2023-0767 [HIGH] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Several security issues were fixed in Firefox.
Christian Holler discovered that Firefox did not properly manage memory
when using PKCS 12 Safe Bag attributes. An attacker could construct a
PKCS 12 cert bundle in such a way that could allow for arbitrary memory
writes. (CVE-2023-0767)
Johan Carlsson discovered that Firefox did not properly manage child
iframe's unredacted URI when using Content-Security-Policy-Report-Only
header. An attacker could potentially exploits this to obtain sensitive
information. (CVE-2023-25728)
Vitor Torres discovered that Firefox did not properly manage permissions
of extensions interaction via ExpandedPrincipals. An attacker could
potentially exploits this issue to download malicious files or execute
arbitrary code. (
Red Hat
nss: Arbitrary memory write via PKCS 12
vendor_redhat·2023-02-14·CVSS 8.8
CVE-2023-0767 [HIGH] CWE-119 nss: Arbitrary memory write via PKCS 12
nss: Arbitrary memory write via PKCS 12
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
The Mozilla Foundation Security Advisory describes this flaw as:
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled.
Statement: Firefox and Thunderbird in Red Hat Enterprise Linux 8.6 and later are not affected by this vulnerability, as they use the system NSS library. Firefox and Thunderbird in earlier Red Hat Enterprise Linux 8 extended life streams were affected, and should be updated to fixed ver
Debian
CVE-2023-0767: firefox - An attacker could construct a PKCS 12 cert bundle in such a way that could allow...
vendor_debian·2023·CVSS 8.8
CVE-2023-0767 [HIGH] CVE-2023-0767: firefox - An attacker could construct a PKCS 12 cert bundle in such a way that could allow...
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Scope: local
sid: resolved (fixed in 110.0-1)
Mozilla
Mozilla Foundation Security Advisory 2023-05: CVE-2023-0767
vendor_mozilla·CVSS 8.8
CVE-2023-0767 [HIGH] Mozilla Foundation Security Advisory 2023-05: CVE-2023-0767
Mozilla Foundation Security Advisory 2023-05
CVE: CVE-2023-0767
Product: Firefox
Impact: high
Fixed in: Firefox 110
Mozilla
Mozilla Foundation Security Advisory 2023-07: CVE-2023-0767
vendor_mozilla·CVSS 8.8
CVE-2023-0767 [HIGH] Mozilla Foundation Security Advisory 2023-07: CVE-2023-0767
Mozilla Foundation Security Advisory 2023-07
CVE: CVE-2023-0767
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 102.8
Mozilla
Mozilla Foundation Security Advisory 2023-06: CVE-2023-0767
vendor_mozilla·CVSS 8.8
CVE-2023-0767 [HIGH] Mozilla Foundation Security Advisory 2023-06: CVE-2023-0767
Mozilla Foundation Security Advisory 2023-06
CVE: CVE-2023-0767
Product: Firefox ESR
Impact: high
Fixed in: Firefox ESR 102.8
GHSA
GHSA-687w-wqw8-qq8j: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mis
ghsa_unreviewed·2023-06-02
CVE-2023-0767 [HIGH] GHSA-687w-wqw8-qq8j: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mis
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
OSV
CVE-2023-0767: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mis
osv·2023-06-02·CVSS 8.8
CVE-2023-0767 [HIGH] CVE-2023-0767: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mis
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
OSV
thunderbird vulnerabilities
osv·2023-03-13·CVSS 6.5
CVE-2023-0616 [MEDIUM] thunderbird vulnerabilities
thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code. (CVE-2023-0616, CVE-2023-25735,
CVE-2023-25737, CVE-2023-25739, CVE-2023-25729, CVE-2023-25742,
CVE-2023-25746)
Johan Carlsson discovered that Thunderbird did not properly implement CSP
policy on a header when using iframes. An attacker could potentially
exploits this to exfiltrate data. (CVE-2023-25728)
Irvan Kurniawan discovered that Thunderbird was not properly handling
background fullscreen scripts when the window goes into fullscreen m
OSV
nss vulnerability
osv·2023-03-06·CVSS 8.8
CVE-2023-0767 [HIGH] nss vulnerability
nss vulnerability
USN-5892-1 fixed a vulnerability in NSS. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
Christian Holler discovered that NSS incorrectly handled certain PKCS 12
certificated bundles. A remote attacker could use this issue to cause NSS
to crash, leading to a denial of service, or possibly execute arbitrary
code. (CVE-2023-0767)
OSV
firefox regressions
osv·2023-03-01·CVSS 8.8
CVE-2023-0767 [HIGH] firefox regressions
firefox regressions
USN-5880-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Christian Holler discovered that Firefox did not properly manage memory
when using PKCS 12 Safe Bag attributes. An attacker could construct a
PKCS 12 cert bundle in such a way that could allow for arbitrary memory
writes. (CVE-2023-0767)
Johan Carlsson discovered that Firefox did not properly manage child
iframe's unredacted URI when using Content-Security-Policy-Report-Only
header. An attacker could potentially exploits this to obtain sensitive
information. (CVE-2023-25728)
Vitor Torres discovered that Firefox did not properly manage permissions
of extensions interaction via Exp
OSV
nss vulnerabilities
osv·2023-02-27·CVSS 7.5
CVE-2022-3479 [HIGH] nss vulnerabilities
nss vulnerabilities
It was discovered that NSS incorrectly handled client authentication
without a user certificate in the database. A remote attacker could
possibly use this issue to cause a NSS client to crash, resulting in a
denial of service. This issue only affected Ubuntu 22.10. (CVE-2022-3479)
Christian Holler discovered that NSS incorrectly handled certain PKCS 12
certificated bundles. A remote attacker could use this issue to cause NSS
to crash, leading to a denial of service, or possibly execute arbitrary
code. (CVE-2023-0767)
OSV
firefox vulnerabilities
osv·2023-02-20·CVSS 8.8
CVE-2023-0767 [HIGH] firefox vulnerabilities
firefox vulnerabilities
Christian Holler discovered that Firefox did not properly manage memory
when using PKCS 12 Safe Bag attributes. An attacker could construct a
PKCS 12 cert bundle in such a way that could allow for arbitrary memory
writes. (CVE-2023-0767)
Johan Carlsson discovered that Firefox did not properly manage child
iframe's unredacted URI when using Content-Security-Policy-Report-Only
header. An attacker could potentially exploits this to obtain sensitive
information. (CVE-2023-25728)
Vitor Torres discovered that Firefox did not properly manage permissions
of extensions interaction via ExpandedPrincipals. An attacker could
potentially exploits this issue to download malicious files or execute
arbitrary code. (CVE-2023-25729)
Irvan Kurniawan discovered that Firefox did not
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://alas.aws.amazon.com/AL2/ALAS-2023-1992.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=1804640https://www.mozilla.org/security/advisories/mfsa2023-05/https://www.mozilla.org/security/advisories/mfsa2023-06/https://www.mozilla.org/security/advisories/mfsa2023-07/https://alas.aws.amazon.com/AL2/ALAS-2023-1992.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=1804640https://security.netapp.com/advisory/ntap-20230324-0008/https://www.mozilla.org/security/advisories/mfsa2023-05/https://www.mozilla.org/security/advisories/mfsa2023-06/https://www.mozilla.org/security/advisories/mfsa2023-07/
2023-06-02
Published