Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
References
Link | Resource |
---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=1842658 | Issue Tracking Permissions Required |
https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html | |
https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html | |
https://www.debian.org/security/2023/dsa-5464 | Third Party Advisory |
https://www.debian.org/security/2023/dsa-5469 | Third Party Advisory |
https://www.mozilla.org/security/advisories/mfsa2023-29/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2023-30/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2023-31/ | Vendor Advisory |
Configurations
History
09 Aug 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Aug 2023, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Aug 2023, 14:37
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.9 |
CWE | CWE-362 | |
References | (MISC) https://www.mozilla.org/security/advisories/mfsa2023-31/ - Vendor Advisory | |
References | (MISC) https://www.debian.org/security/2023/dsa-5464 - Third Party Advisory | |
References | (MISC) https://www.mozilla.org/security/advisories/mfsa2023-30/ - Vendor Advisory | |
References | (MISC) https://www.mozilla.org/security/advisories/mfsa2023-29/ - Vendor Advisory | |
References | (MISC) https://bugzilla.mozilla.org/show_bug.cgi?id=1842658 - Issue Tracking, Permissions Required | |
References | (MISC) https://www.debian.org/security/2023/dsa-5469 - Third Party Advisory |
07 Aug 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Aug 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Aug 2023, 15:25
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-01 15:15
Updated : 2024-02-05 00:01
NVD link : CVE-2023-4049
Mitre link : CVE-2023-4049
CVE.ORG link : CVE-2023-4049
JSON object : View
Products Affected
mozilla
- firefox_esr
- firefox
debian
- debian_linux
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')