Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-29532HistoryJun 19, 2023 - 10:15 a.m.
CVE-2023-29532
2023-06-1910:15:09
Debian Security Bug Tracker
security-tracker.debian.org
7
mozilla
maintenance service
local attacker
unsigned update
smb server
windows
vulnerability
firefox
thunderbird
A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on a SMB server. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 999 | all | firefox | < 126.0.1-1 | firefox_126.0.1-1_all.deb |
| Debian | 12 | all | firefox-esr | < 115.7.0esr-1~deb12u1 | firefox-esr_115.7.0esr-1~deb12u1_all.deb |
| Debian | 11 | all | firefox-esr | < 115.7.0esr-1~deb11u1 | firefox-esr_115.7.0esr-1~deb11u1_all.deb |
| Debian | 10 | all | firefox-esr | < 91.12.0esr-1~deb10u1 | firefox-esr_91.12.0esr-1~deb10u1_all.deb |
| Debian | 999 | all | firefox-esr | < 115.11.0esr-1 | firefox-esr_115.11.0esr-1_all.deb |
| Debian | 13 | all | firefox-esr | < 115.11.0esr-1 | firefox-esr_115.11.0esr-1_all.deb |
| Debian | 12 | all | thunderbird | < 1:115.7.0-1~deb12u1 | thunderbird_1:115.7.0-1~deb12u1_all.deb |
| Debian | 11 | all | thunderbird | < 1:115.7.0-1~deb11u1 | thunderbird_1:115.7.0-1~deb11u1_all.deb |
| Debian | 10 | all | thunderbird | < 1:91.12.0-1~deb10u1 | thunderbird_1:91.12.0-1~deb10u1_all.deb |
| Debian | 999 | all | thunderbird | < 1:115.11.0-1 | thunderbird_1:115.11.0-1_all.deb |
Related
redhatcve
redhatcve
CVE-2023-29532
2023-04-12 06:30:59
ubuntucve
ubuntucve
CVE-2023-29532
2023-06-19 00:00:00
prion
prion
Code injection
2023-06-19 10:15:00
veracode
veracode
SMB Relaying Attack
2023-10-02 19:15:12
alpinelinux
alpinelinux
CVE-2023-29532
2023-06-19 10:15:09
cve
cve
CVE-2023-29532
2023-06-19 10:15:09
cvelist
cvelist
CVE-2023-29532
2023-06-19 09:58:03
nessus
nessus
Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2023-101-01)
2023-04-12 00:00:00
Mozilla Firefox ESR < 102.10
2023-04-11 00:00:00
Mozilla Firefox ESR < 102.10
2023-04-11 00:00:00
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2023-14) - Windows
2023-04-12 00:00:00
Slackware: Security Advisory (SSA:2023-101-01)
2023-04-12 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:1819-1)
2023-04-12 00:00:00
slackware
slackware
[slackware-security] mozilla-firefox
2023-04-11 18:52:40
[slackware-security] mozilla-thunderbird
2023-04-13 01:16:49
redos
redos
ROS-20230505-02
2023-05-05 00:00:00
ROS-20230505-01
2023-05-05 00:00:00
kaspersky
kaspersky
KLA48841 Multiple vulnerabilities in Mozilla Firefox ESR
2023-04-11 00:00:00
KLA48840 Multiple vulnerabilities in Mozilla Thunderbird
2023-04-11 00:00:00
KLA48839 Multiple vulnerabilities in Mozilla Firefox
2023-04-11 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Firefox ESR 102.10 — Mozilla
2023-04-11 00:00:00
Security Vulnerabilities fixed in Thunderbird 102.10 — Mozilla
2023-04-11 00:00:00
