CVE-2023-6862
published 2023-12-19
CVE-2023-6862: A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR <…
Severity: high, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | firefox-esr | < firefox-esr 115.6.0esr-1~deb12u1 (bookworm) | firefox-esr 115.6.0esr-1~deb12u1 (bookworm) |
| debian | thunderbird | < firefox-esr 115.6.0esr-1~deb12u1 (bookworm) | firefox-esr 115.6.0esr-1~deb12u1 (bookworm) |
| mozilla | firefox | — | — |
| mozilla | firefox_esr | < 115.6 | 115.6 |
| mozilla | firefox_esr | >= unspecified < 115.6 | 115.6 |
| mozilla | thunderbird | < 115.6 | 115.6 |
| mozilla | thunderbird | >= 0 < 1:115.6.0-1~deb11u1 | 1:115.6.0-1~deb11u1 |
| mozilla | thunderbird | >= 0 < 1:115.6.0-1~deb12u1 | 1:115.6.0-1~deb12u1 |
| mozilla | thunderbird | >= 0 < 1:115.6.0-1 | 1:115.6.0-1 |
| mozilla | thunderbird | >= 0 < 1:115.6.0-1 | 1:115.6.0-1 |
| mozilla | thunderbird | >= 0 < 1:115.6.0+build2-0ubuntu0.20.04.1 | 1:115.6.0+build2-0ubuntu0.20.04.1 |
| mozilla | thunderbird | >= 0 < 1:115.6.0+build2-0ubuntu0.22.04.1 | 1:115.6.0+build2-0ubuntu0.22.04.1 |
| mozilla | thunderbird | >= unspecified < 115.6 | 115.6 |
CVSS provenance
nvd: v3.1, 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv: 8.8 HIGH
OSV
thunderbird vulnerabilities
osv·2024-01-02·CVSS 4.3
CVE-2023-6857 [MEDIUM] thunderbird vulnerabilities
thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code. (CVE-2023-6857, CVE-2023-6858,
CVE-2023-6859, CVE-2023-6861, CVE-2023-6862, CVE-2023-6863, CVE-2023-6864)
Marcus Brinkmann discovered that Thunderbird did not properly parse a PGP/MIME
payload that contains digitally signed text. An attacker could potentially
exploit this issue to spoof an email message. (CVE-2023-50762)
Marcus Brinkmann discovered that Thunderbird did not properly compare the
signature creation date with the message date an
GHSA
GHSA-5x56-7cpg-238g: A use-after-free was identified in the `nsDNSService::Init`
ghsa_unreviewed·2023-12-19
CVE-2023-6862 [HIGH] CWE-416 GHSA-5x56-7cpg-238g: A use-after-free was identified in the `nsDNSService::Init`
A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6.
OSV
CVE-2023-6862: A use-after-free was identified in the `nsDNSService::Init`
osv·2023-12-19·CVSS 8.8
CVE-2023-6862 [HIGH] CVE-2023-6862: A use-after-free was identified in the `nsDNSService::Init`
A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6.
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2024-01-02·CVSS 4.3
CVE-2023-6859 [MEDIUM] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code. (CVE-2023-6857, CVE-2023-6858,
CVE-2023-6859, CVE-2023-6861, CVE-2023-6862, CVE-2023-6863, CVE-2023-6864)
Marcus Brinkmann discovered that Thunderbird did not properly parse a PGP/MIME
payload that contains digitally signed text. An attacker could potentially
exploit this issue to spoof an email message. (CVE-2023-50762)
Marcus Brinkmann discovered that Thunderbird did not p
Red Hat
Mozilla: Use-after-free in `nsDNSService`
vendor_redhat·2023-12-19·CVSS 8.8
CVE-2023-6862 [HIGH] CWE-416 Mozilla: Use-after-free in `nsDNSService`
Mozilla: Use-after-free in nsDNSService
A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6.
The Mozilla Foundation Security Advisory describes this flaw as:
A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up.
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Package: firefox (Red Hat Enterprise Linux 6) - Out of support scope
Package: thunderbird (Red Hat Enterprise Linux 6) - Out of support scope
Debian
CVE-2023-6862: firefox-esr - A use-after-free was identified in the `nsDNSService::Init`. This issue appears...
vendor_debian·2023·CVSS 8.8
CVE-2023-6862 [HIGH] CVE-2023-6862: firefox-esr - A use-after-free was identified in the `nsDNSService::Init`. This issue appears...
A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6.
Scope: local
bookworm: resolved (fixed in 115.6.0esr-1~deb12u1)
bullseye: resolved (fixed in 115.6.0esr-1~deb11u1)
forky: resolved (fixed in 115.6.0esr-1)
sid: resolved (fixed in 115.6.0esr-1)
trixie: resolved (fixed in 115.6.0esr-1)
Mozilla
Mozilla Foundation Security Advisory 2023-54: CVE-2023-6862
vendor_mozilla·CVSS 8.8
CVE-2023-6862 [HIGH] Mozilla Foundation Security Advisory 2023-54: CVE-2023-6862
Mozilla Foundation Security Advisory 2023-54
CVE: CVE-2023-6862
Product: Firefox ESR
Impact: high
Fixed in: Firefox ESR 115.6
Mozilla
Mozilla Foundation Security Advisory 2023-55: CVE-2023-6862
vendor_mozilla·CVSS 8.8
CVE-2023-6862 [HIGH] Mozilla Foundation Security Advisory 2023-55: CVE-2023-6862
Mozilla Foundation Security Advisory 2023-55
CVE: CVE-2023-6862
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 115.6
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugzilla.mozilla.org/show_bug.cgi?id=1868042
https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html
https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html
https://security.gentoo.org/glsa/202401-10
https://www.debian.org/security/2023/dsa-5581
https://www.debian.org/security/2023/dsa-5582
https://www.mozilla.org/security/advisories/mfsa2023-54/
https://www.mozilla.org/security/advisories/mfsa2023-55/
Published: 2023-12-19