CVE-2023-1945 — Out-of-bounds Write in Mozilla Firefox ESR

CWE-787 — Out-of-bounds Write CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents8 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 66.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox ESR Mozilla Thunderbird

Timeline

PublishedJun 2

Description

Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 102.10 and Firefox ESR < 102.10.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

▶CVEListV5mozilla/firefox_esrunspecified — 102.10

▶CVEListV5mozilla/thunderbirdunspecified — 102.10

▶NVDmozilla/firefox_esr< 102.10

▶NVDmozilla/thunderbird< 102.10

▶Debianmozilla/thunderbird< 1:102.10.0-1~deb11u1+3

🔴Vulnerability Details

CVEList

CVE-2023-1945: Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash↗2023-06-02

▶

OSV

CVE-2023-1945: Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash↗2023-06-02

▶

GHSA

GHSA-f6gx-7fq3-c6p8: Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash↗2023-06-02

▶

OSV

thunderbird vulnerabilities↗2023-04-13

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2023-04-13

▶

Red Hat

Mozilla: Memory Corruption in Safe Browsing Code↗2023-04-11

▶

Debian

CVE-2023-1945: firefox-esr - Unexpected data returned from the Safe Browsing API could have led to memory cor...↗2023

▶

Mozilla

Mozilla Foundation Security Advisory 2023-14: CVE-2023-1945↗

▶

Mozilla

Mozilla Foundation Security Advisory 2023-15: CVE-2023-1945↗

▶