Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-5171HistorySep 27, 2023 - 3:19 p.m.
CVE-2023-5171
2023-09-2715:19:42
Debian Security Bug Tracker
security-tracker.debian.org
13
ion compilation
garbage collection
use-after-free
firefox
thunderbird
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
31.6%
During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 999 | all | firefox | < 118.0-1 | firefox_118.0-1_all.deb |
| Debian | 12 | all | firefox-esr | < 115.3.0esr-1~deb12u1 | firefox-esr_115.3.0esr-1~deb12u1_all.deb |
| Debian | 11 | all | firefox-esr | < 115.3.0esr-1~deb11u1 | firefox-esr_115.3.0esr-1~deb11u1_all.deb |
| Debian | 10 | all | firefox-esr | < 115.3.0esr-1~deb10u1 | firefox-esr_115.3.0esr-1~deb10u1_all.deb |
| Debian | 999 | all | firefox-esr | < 115.3.0esr-1 | firefox-esr_115.3.0esr-1_all.deb |
| Debian | 13 | all | firefox-esr | < 115.3.0esr-1 | firefox-esr_115.3.0esr-1_all.deb |
| Debian | 12 | all | thunderbird | < 1:115.3.1-1~deb12u1 | thunderbird_1:115.3.1-1~deb12u1_all.deb |
| Debian | 11 | all | thunderbird | < 1:115.3.1-1~deb11u1 | thunderbird_1:115.3.1-1~deb11u1_all.deb |
| Debian | 10 | all | thunderbird | < 1:115.3.1-1~deb10u1 | thunderbird_1:115.3.1-1~deb10u1_all.deb |
| Debian | 999 | all | thunderbird | < 1:115.3.0-1 | thunderbird_1:115.3.0-1_all.deb |
Related
cve
cve
CVE-2023-5171
2023-09-27 15:19:42
redhatcve
redhatcve
CVE-2023-5171
2023-09-27 06:54:25
prion
prion
Design/Logic Flaw
2023-09-27 15:19:00
alpinelinux
alpinelinux
CVE-2023-5171
2023-09-27 15:19:42
cvelist
cvelist
CVE-2023-5171
2023-09-27 14:13:12
nvd
nvd
CVE-2023-5171
2023-09-27 15:19:42
veracode
veracode
Denial Of Service (DoS)
2023-10-02 19:12:51
ubuntucve
ubuntucve
CVE-2023-5171
2023-09-28 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3587-1)
2023-10-02 00:00:00
osv
osv
firefox-esr - security update
2023-09-28 00:00:00
firefox-esr - security update
2023-09-29 00:00:00
thunderbird - security update
2023-10-05 00:00:00
nessus
nessus
Debian DLA-3587-1 : firefox-esr - LTS security update
2023-09-29 00:00:00
Debian DSA-5506-1 : firefox-esr - security update
2023-09-29 00:00:00
Debian DSA-5513-1 : thunderbird - security update
2023-10-03 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: firefox-118.0.1-4.fc39
2023-10-05 21:16:09
debian
debian
[SECURITY] [DSA 5506-1] firefox-esr security update
2023-09-28 18:46:14
[SECURITY] [DSA 5513-1] thunderbird security update
2023-10-03 15:53:49
[SECURITY] [DLA 3587-1] firefox-esr security update
2023-09-29 12:33:11
mageia
mageia
Updated Firefox and Thunderbird packages fix security vulnerabilities
2023-10-10 20:21:41
slackware
slackware
[slackware-security] mozilla-firefox
2023-09-26 19:39:20
kaspersky
kaspersky
KLA60813 Multiple vulnerabilities in Mozilla Firefox ESR
2023-09-26 00:00:00
KLA60814 Multiple vulnerabilities in Mozilla Thunderbird
2023-09-26 00:00:00
KLA60812 Multiple vulnerabilities in Mozilla Firefox
2023-09-26 00:00:00
redhat
redhat
(RHSA-2023:5475) Important: thunderbird security update
2023-10-05 13:52:19
(RHSA-2023:5437) Important: firefox security update
2023-10-04 11:09:53
(RHSA-2023:5436) Important: firefox security update
2023-10-04 10:53:54
oraclelinux
oraclelinux
thunderbird security update
2023-10-13 00:00:00
firefox security update
2023-10-13 00:00:00
thunderbird security update
2023-10-06 00:00:00
almalinux
almalinux
Important: firefox security update
2023-10-04 00:00:00
Important: thunderbird security update
2023-10-04 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Firefox ESR 115.3 — Mozilla
2023-09-26 00:00:00
Security Vulnerabilities fixed in Thunderbird 115.3 — Mozilla
2023-09-26 00:00:00
Security Vulnerabilities fixed in Firefox 118 — Mozilla
2023-09-26 00:00:00
rocky
rocky
thunderbird security update
2023-10-05 21:35:58
thunderbird security update
2023-10-05 21:35:15
ubuntu
ubuntu
Firefox regressions
2023-10-11 00:00:00
Firefox vulnerabilities
2023-10-03 00:00:00
Thunderbird vulnerabilities
2023-10-03 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2371
2024-03-12 12:37:38
gentoo
gentoo
Mozilla Thunderbird: Multiple Vulnerabilities
2024-02-19 00:00:00
ibm
ibm
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
31.6%
Related for DEBIANCVE:CVE-2023-5171