Lucene search

[email protected]NVD:CVE-2023-6858

HistoryDec 19, 2023 - 2:15 p.m.

CVE-2023-6858

2023-12-1914:15:07

CWE-787

[email protected]

web.nvd.nist.gov

firefox

heap buffer overflow

nstextfragment

oom handling

thunderbird

vulnerability

firefox esr

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

41.5%

JSON

Firefox was susceptible to a heap buffer overflow in nsTextFragment due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Affected configurations

NVD

Node

mozillafirefoxRange<121.0

mozillafirefox_esrRange<115.6

mozillathunderbirdRange<115.6

Node

debiandebian_linuxMatch10.0

debiandebian_linuxMatch11.0

debiandebian_linuxMatch12.0

References

bugzilla.mozilla.org/show_bug.cgi?id=1826791

lists.debian.org/debian-lts-announce/2023/12/msg00020.html

lists.debian.org/debian-lts-announce/2023/12/msg00021.html

security.gentoo.org/glsa/202401-10

www.debian.org/security/2023/dsa-5581

www.debian.org/security/2023/dsa-5582

www.mozilla.org/security/advisories/mfsa2023-54/

www.mozilla.org/security/advisories/mfsa2023-55/

www.mozilla.org/security/advisories/mfsa2023-56/

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

41.5%

JSON

Related for NVD:CVE-2023-6858

cvelist1 debiancve1 ubuntucve1 veracode1 cve1 redhatcve1 alpinelinux1 prion1 osv13 redhat18 nessus59 debian4 openvas25 oraclelinux6 centos2 mozilla3 kaspersky3 amazon1 almalinux4 rocky2 mageia2 slackware2 ubuntu3 gentoo2