Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:USN-6562-2
HistoryJan 11, 2024 - 3:08 a.m.

firefox regressions

2024-01-1103:08:42
Google
osv.dev
3
firefox
vulnerabilities
regressions
memory management
nss nist curves
texture validation
security advisory

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.4%

JSON

USN-6562-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code.(CVE-2023-6865,
CVE-2023-6857, CVE-2023-6858, CVE-2023-6859, CVE-2023-6866, CVE-2023-6867,
CVE-2023-6861, CVE-2023-6869, CVE-2023-6871, CVE-2023-6872, CVE-2023-6863,
CVE-2023-6864, CVE-2023-6873)

DoHyun Lee discovered that Firefox did not properly manage memory when used
on systems with the Mesa VM driver. An attacker could potentially exploit
this issue to execute arbitrary code. (CVE-2023-6856)

George Pantela and Hubert Kario discovered that Firefox using multiple NSS
NIST curves which were susceptible to a side-channel attack known as
“Minerva”. An attacker could potentially exploit this issue to obtain
sensitive information. (CVE-2023-6135)

Andrew Osmond discovered that Firefox did not properly validate the textures
produced by remote decoders. An attacker could potentially exploit this
issue to escape the sandbox. (CVE-2023-6860)

Related

openvas 25
ubuntu 3
nessus 58
osv 12
kaspersky 3
redhat 19
centos 2
mozilla 3
oraclelinux 7
almalinux 4
mageia 2
debian 4
slackware 2
rocky 2
amazon 1
ubuntucve 5
alpinelinux 4
cvelist 7
nvd 5
prion 8
veracode 6
debiancve 5
cve 8
gentoo 1
redhatcve 3
openvas
openvas
Ubuntu: Security Advisory (USN-6562-1)
2024-01-02 00:00:00
Mozilla Firefox Security Advisories (MFSA2023-53, MFSA2023-56) - Windows
2023-12-21 00:00:00
Ubuntu: Security Advisory (USN-6562-2)
2024-01-12 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2024-01-02 00:00:00
Firefox regressions
2024-01-11 00:00:00
Thunderbird vulnerabilities
2024-01-02 00:00:00
nessus
nessus
Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6562-1)
2024-01-02 00:00:00
Fedora 38 : firefox / nss (2023-983329cf45)
2023-12-21 00:00:00
Mozilla Firefox < 121.0
2023-12-19 00:00:00
osv
osv
firefox vulnerabilities
2024-01-02 03:25:53
firefox-esr - security update
2023-12-20 00:00:00
Important: firefox security update
2024-01-09 04:07:41
kaspersky
kaspersky
KLA62517 Multiple vulnerabilities in Mozilla Firefox
2023-12-19 00:00:00
KLA62518 Multiple vulnerabilities in Mozilla Firefox ESR
2023-12-19 00:00:00
KLA62519 Multiple vulnerabilities in Mozilla Thunderbird
2023-12-19 00:00:00
redhat
redhat
(RHSA-2024:0019) Important: firefox security update
2024-01-02 06:54:09
(RHSA-2024:0024) Important: firefox security update
2024-01-02 06:54:51
(RHSA-2024:0023) Important: firefox security update
2024-01-02 06:54:47
centos
centos
firefox security update
2024-01-12 18:57:27
thunderbird security update
2024-01-12 18:58:02
mozilla
mozilla
Security Vulnerabilities fixed in Firefox 121 — Mozilla
2023-12-19 00:00:00
Security Vulnerabilities fixed in Firefox ESR 115.6 — Mozilla
2023-12-19 00:00:00
Security Vulnerabilities fixed in Thunderbird 115.6 — Mozilla
2023-12-19 00:00:00
oraclelinux
oraclelinux
firefox security update
2024-01-03 00:00:00
firefox security update
2024-01-02 00:00:00
firefox security update
2024-01-03 00:00:00
almalinux
almalinux
Important: firefox security update
2024-01-02 00:00:00
Important: firefox security update
2024-01-02 00:00:00
Important: thunderbird security update
2024-01-02 00:00:00
mageia
mageia
Updated nss and firefox packages fix security vulnerabilities
2024-01-15 13:07:27
Updated thunderbird thunderbird-l10n packages fix security vulnerabilities
2024-01-12 15:36:35
debian
debian
[SECURITY] [DSA 5581-1] firefox-esr security update
2023-12-20 19:23:51
[SECURITY] [DLA 3697-1] firefox-esr security update
2023-12-29 10:08:44
[SECURITY] [DLA 3698-1] thunderbird security update
2023-12-29 10:11:37
slackware
slackware
[slackware-security] mozilla-firefox
2023-12-19 21:32:19
[slackware-security] mozilla-thunderbird
2023-12-19 21:32:36
rocky
rocky
firefox security update
2024-01-09 04:07:41
thunderbird security update
2024-01-09 04:07:41
amazon
amazon
Important: thunderbird
2024-01-03 21:04:00
ubuntucve
ubuntucve
CVE-2023-6873
2023-12-20 00:00:00
CVE-2023-6866
2023-12-20 00:00:00
CVE-2023-6869
2023-12-20 00:00:00
alpinelinux
alpinelinux
CVE-2023-6873
2023-12-19 14:15:08
CVE-2023-6866
2023-12-19 14:15:07
CVE-2023-6867
2023-12-19 14:15:07
cvelist
cvelist
CVE-2023-6873
2023-12-19 13:38:56
CVE-2023-6866
2023-12-19 13:38:48
CVE-2023-6869
2023-12-19 13:38:51
nvd
nvd
CVE-2023-6869
2023-12-19 14:15:08
CVE-2023-6866
2023-12-19 14:15:07
CVE-2023-6873
2023-12-19 14:15:08
prion
prion
Code injection
2023-12-19 14:15:00
Design/Logic Flaw
2023-12-19 14:15:00
Memory corruption
2023-12-19 14:15:00
veracode
veracode
Out-of-bounds Write
2023-12-25 02:54:27
Information Exposure
2023-12-25 02:48:55
Improper Exception Handling
2023-12-25 02:48:55
debiancve
debiancve
CVE-2023-6873
2023-12-19 14:15:08
CVE-2023-6866
2023-12-19 14:15:07
CVE-2023-6869
2023-12-19 14:15:08
cve
cve
CVE-2023-6866
2023-12-19 14:15:07
CVE-2023-6873
2023-12-19 14:15:08
CVE-2023-6871
2023-12-19 14:15:08
gentoo
gentoo
Mozilla Firefox: Multiple Vulnerabilities
2024-01-07 00:00:00
redhatcve
redhatcve
CVE-2023-6863
2023-12-20 11:34:57
CVE-2023-6857
2023-12-20 11:34:00
CVE-2023-6865
2023-12-20 11:35:17

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.4%

JSON
Related for OSV:USN-6562-2
openvas25ubuntu3nessus58osv12kaspersky3redhat19centos2mozilla3oraclelinux7almalinux4mageia2debian4slackware2rocky2amazon1ubuntucve5alpinelinux4cvelist7nvd5prion8veracode6debiancve5cve8gentoo1redhatcve3