Lucene search

K

[email protected]NVD:CVE-2023-6861

HistoryDec 19, 2023 - 2:15 p.m.

CVE-2023-6861

2023-12-1914:15:07

CWE-787

[email protected]

web.nvd.nist.gov

firefox

thunderbird

vulnerability

buffer overflow

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

41.5%

The nsWindow::PickerOpen(void) method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Affected configurations

NVD

Node

mozillafirefoxRange<121.0

OR

mozillafirefox_esrRange<115.6

OR

mozillathunderbirdRange<115.6

Node

debiandebian_linuxMatch10.0

OR

debiandebian_linuxMatch11.0

OR

debiandebian_linuxMatch12.0

References

bugzilla.mozilla.org/show_bug.cgi?id=1864118

lists.debian.org/debian-lts-announce/2023/12/msg00020.html

lists.debian.org/debian-lts-announce/2023/12/msg00021.html

security.gentoo.org/glsa/202401-10

www.debian.org/security/2023/dsa-5581

www.debian.org/security/2023/dsa-5582

www.mozilla.org/security/advisories/mfsa2023-54/

www.mozilla.org/security/advisories/mfsa2023-55/

www.mozilla.org/security/advisories/mfsa2023-56/

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

41.5%

Related for NVD:CVE-2023-6861

ubuntucve1 alpinelinux1 prion1 veracode1 debiancve1 cvelist1 redhatcve1 cve1 osv13 redhat18 nessus59 debian4 openvas25 oraclelinux6 centos2 mozilla3 kaspersky3 amazon1 almalinux4 rocky2 mageia2 slackware2 ubuntu3 gentoo2