CVE-2023-4056Out-of-bounds Write in Mozilla Firefox

CWE-787Out-of-bounds WriteCWE-120Classic Buffer Overflow16 documents8 sources
Severity
9.8CRITICALNVD
OSV5.3
EPSS
0.7%
top 28.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird+1 more
Timeline
PublishedAug 1
Latest updateSep 4

Description

Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

CVEListV5mozilla/firefoxunspecified116
NVDmozilla/firefox102.0102.14+2
CVEListV5mozilla/firefox_esrunspecified102.14+1
Ubuntumozilla/firefox< 116.0+build2-0ubuntu0.20.04.2
Debianmozilla/thunderbird< 1:102.14.0-1~deb11u1+3

Also affects: Debian Linux 10.0, 11.0, 12.0

🔴Vulnerability Details

6
OSV
firefox regressions2023-08-21
OSV
firefox regressions2023-08-08
OSV
firefox vulnerabilities2023-08-02
CVEList
CVE-2023-4056: Memory safety bugs present in Firefox 115, Firefox ESR 1152023-08-01
GHSA
GHSA-jxmw-fv2p-4289: Memory safety bugs present in Firefox 115, Firefox ESR 1152023-08-01

📋Vendor Advisories

9
Ubuntu
Thunderbird vulnerabilities2023-09-04
Ubuntu
Firefox vulnerabilities2023-08-02
Red Hat
Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.142023-08-01
Debian
CVE-2023-4056: firefox - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13...2023
Mozilla
Mozilla Foundation Security Advisory 2023-30: CVE-2023-4056
CVE-2023-4056 — Out-of-bounds Write in Mozilla Firefox | cvebase