CVE-2023-6862Use After Free in Mozilla Firefox ESR

CWE-416Use After Free10 documents8 sources
Severity
8.8HIGHNVD
OSV4.3
EPSS
0.4%
top 41.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla Firefox ESRMozilla ThunderbirdDebian Linux
Timeline
PublishedDec 19
Latest updateJan 2

Description

A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

CVEListV5mozilla/firefox_esrunspecified115.6
CVEListV5mozilla/thunderbirdunspecified115.6
NVDmozilla/firefox_esr< 115.6
NVDmozilla/thunderbird< 115.6
Debianmozilla/thunderbird< 1:115.6.0-1~deb11u1+3

Also affects: Debian Linux 10.0, 11.0, 12.0

🔴Vulnerability Details

4
OSV
thunderbird vulnerabilities2024-01-02
GHSA
GHSA-5x56-7cpg-238g: A use-after-free was identified in the `nsDNSService::Init`2023-12-19
OSV
CVE-2023-6862: A use-after-free was identified in the `nsDNSService::Init`2023-12-19
CVEList
CVE-2023-6862: A use-after-free was identified in the `nsDNSService::Init`2023-12-19

📋Vendor Advisories

5
Ubuntu
Thunderbird vulnerabilities2024-01-02
Red Hat
Mozilla: Use-after-free in <code>nsDNSService</code>2023-12-19
Debian
CVE-2023-6862: firefox-esr - A use-after-free was identified in the `nsDNSService::Init`. This issue appears...2023
Mozilla
Mozilla Foundation Security Advisory 2023-54: CVE-2023-6862
Mozilla
Mozilla Foundation Security Advisory 2023-55: CVE-2023-6862
CVE-2023-6862 — Use After Free in Mozilla Firefox ESR | cvebase