ubuntucve | Ubuntu.com | UB:CVE-2023-0767
History: Feb 15, 2023 - 12:00 a.m.

CVE-2023-0767

pkcs 12 cert bundle
memory writes
firefox
thunderbird
firefox esr

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.002
Percentile: 65.0%

An attacker could construct a PKCS 12 cert bundle in such a way that it could
allow arbitrary memory writes through mishandled PKCS 12 Safe Bag attributes.
This vulnerability affects Firefox < 110, Thunderbird < 102.8,
and Firefox ESR < 102.8.

Bugs

Notes

Author: Note
tyhicks: mozjs contains a copy of the SpiderMonkey JavaScript engine
mdeslaur: starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap