CVE-2023-6873

2023-12-1914:15:08

Debian Security Bug Tracker

security-tracker.debian.org

firefox

memory safety

vulnerability

unix

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

25.4%

JSON

Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 121.

OSVersionArchitecturePackageVersionFilename
Debian999allfirefox< 121.0-1firefox_121.0-1_all.deb
Debian12allthunderbird< 1:115.6.0-1~deb12u1thunderbird_1:115.6.0-1~deb12u1_all.deb
Debian11allthunderbird< 1:115.6.0-1~deb11u1thunderbird_1:115.6.0-1~deb11u1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	999	all	firefox	< 121.0-1	firefox_121.0-1_all.deb
Debian	12	all	thunderbird	< 1:115.6.0-1~deb12u1	thunderbird_1:115.6.0-1~deb12u1_all.deb
Debian	11	all	thunderbird	< 1:115.6.0-1~deb11u1	thunderbird_1:115.6.0-1~deb11u1_all.deb