CVE-2023-3600

2023-07-1214:15:10

Debian Security Bug Tracker

security-tracker.debian.org

use-after-free

firefox

thunderbird

vulnerability

exploitable

crash

cve-2023-3600

unix

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

34.4%

JSON

During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1.

OSVersionArchitecturePackageVersionFilename
Debian999allfirefox< 115.0.2-1firefox_115.0.2-1_all.deb
Debian12allthunderbird< 1:115.7.0-1~deb12u1thunderbird_1:115.7.0-1~deb12u1_all.deb
Debian11allthunderbird< 1:115.7.0-1~deb11u1thunderbird_1:115.7.0-1~deb11u1_all.deb
Debian10allthunderbird< 1:91.12.0-1~deb10u1thunderbird_1:91.12.0-1~deb10u1_all.deb
Debian999allthunderbird< 1:115.12.0-1thunderbird_1:115.12.0-1_all.deb
Debian13allthunderbird< 1:115.12.0-1thunderbird_1:115.12.0-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	999	all	firefox	< 115.0.2-1	firefox_115.0.2-1_all.deb
Debian	12	all	thunderbird	< 1:115.7.0-1~deb12u1	thunderbird_1:115.7.0-1~deb12u1_all.deb
Debian	11	all	thunderbird	< 1:115.7.0-1~deb11u1	thunderbird_1:115.7.0-1~deb11u1_all.deb
Debian	10	all	thunderbird	< 1:91.12.0-1~deb10u1	thunderbird_1:91.12.0-1~deb10u1_all.deb
Debian	999	all	thunderbird	< 1:115.12.0-1	thunderbird_1:115.12.0-1_all.deb
Debian	13	all	thunderbird	< 1:115.12.0-1	thunderbird_1:115.12.0-1_all.deb