Lucene search

K

[email protected]NVD:CVE-2023-6862

HistoryDec 19, 2023 - 2:15 p.m.

CVE-2023-6862

2023-12-1914:15:07

CWE-416

[email protected]

web.nvd.nist.gov

vulnerability

firefox esr

thunderbird

use-after-free

nsdnsservice::init

cve-2023-6862

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

41.8%

A use-after-free was identified in the nsDNSService::Init. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6.

Affected configurations

NVD

Node

mozillafirefox_esrRange<115.6

OR

mozillathunderbirdRange<115.6

Node

debiandebian_linuxMatch10.0

OR

debiandebian_linuxMatch11.0

OR

debiandebian_linuxMatch12.0

References

bugzilla.mozilla.org/show_bug.cgi?id=1868042

lists.debian.org/debian-lts-announce/2023/12/msg00020.html

lists.debian.org/debian-lts-announce/2023/12/msg00021.html

security.gentoo.org/glsa/202401-10

www.debian.org/security/2023/dsa-5581

www.debian.org/security/2023/dsa-5582

www.mozilla.org/security/advisories/mfsa2023-54/

www.mozilla.org/security/advisories/mfsa2023-55/

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

41.8%

Related for NVD:CVE-2023-6862

cvelist1 ubuntucve1 cve1 veracode1 redhatcve1 alpinelinux1 prion1 debiancve1 osv11 redhat18 nessus54 debian4 openvas20 oraclelinux6 centos2 mozilla2 kaspersky2 amazon1 almalinux4 rocky2 mageia2 slackware2 ubuntu1 gentoo2