CVE-2023-6205Use After Free in Mozilla Firefox

CWE-416Use After Free13 documents8 sources
Severity
6.5MEDIUMNVD
EPSS
0.4%
top 38.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird+1 more
Timeline
PublishedNov 21
Latest updateNov 27

Description

It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages7 packages

CVEListV5mozilla/firefoxunspecified120
NVDmozilla/firefox< 120.0
CVEListV5mozilla/firefox_esrunspecified115.5.0
NVDmozilla/firefox_esr< 115.5.0
CVEListV5mozilla/thunderbirdunspecified115.5

Also affects: Debian Linux 10.0, 11.0, 12.0

🔴Vulnerability Details

5
OSV
thunderbird vulnerabilities2023-11-27
OSV
firefox vulnerabilities2023-11-23
CVEList
CVE-2023-6205: It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash2023-11-21
OSV
CVE-2023-6205: It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash2023-11-21
GHSA
GHSA-h4m4-6cfw-5q6g: It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash2023-11-21

📋Vendor Advisories

7
Ubuntu
Thunderbird vulnerabilities2023-11-27
Ubuntu
Firefox vulnerabilities2023-11-23
Red Hat
Mozilla: Use-after-free in MessagePort::Entangled2023-11-21
Debian
CVE-2023-6205: firefox - It was possible to cause the use of a MessagePort after it had already been free...2023
Mozilla
Mozilla Foundation Security Advisory 2023-49: CVE-2023-6205
CVE-2023-6205 — Use After Free in Mozilla Firefox | cvebase