Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-3600
HistoryJul 12, 2023 - 12:00 a.m.

CVE-2023-3600

2023-07-1200:00:00
ubuntu.com
ubuntu.com
11
use-after-free
potentially exploitable crash
firefox
thunderbird
mozjs
spidermonkey javascript engine
ubuntu 22.04
firefox snap

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

50.0%

During the worker lifecycle, a use-after-free condition could have occured,
which could have led to a potentially exploitable crash. This vulnerability
affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird <
115.0.1.

Notes

Author Note
tyhicks mozjs contains a copy of the SpiderMonkey JavaScript engine
mdeslaur starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap
OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchfirefox< 115.0.2+build1-0ubuntu0.20.04.1UNKNOWN
ubuntu20.04noarchthunderbird< 1:115.3.1+build1-0ubuntu0.20.04.1UNKNOWN
ubuntu22.04noarchthunderbird< 1:115.3.1+build1-0ubuntu0.22.04.2UNKNOWN
ubuntu23.04noarchthunderbird< 1:115.3.1+build1-0ubuntu0.23.04.1UNKNOWN
ubuntu23.10noarchthunderbird< 1:115.2.0+build1-0ubuntu1UNKNOWN
ubuntu24.04noarchthunderbird< 1:115.2.0+build1-0ubuntu1UNKNOWN

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

50.0%