CVE Vulnerabilities

CVE-2023-0767

Published: Jun 02, 2023 | Modified: Aug 02, 2023
CVSS 3.x: 8.8 HIGH (Source: NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3: 8.8 IMPORTANT
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Ubuntu: MEDIUM

An attacker could construct a PKCS 12 certificate bundle in a way that could allow arbitrary memory writes through mishandled PKCS 12 Safe Bag attributes. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Firefox | Mozilla | * | 110.0 (excluding) |
| Firefox_esr | Mozilla | * | 102.8 (excluding) |
| Thunderbird | Mozilla | * | 102.8 (excluding) |
| Firefox | Ubuntu | bionic | * |
| Firefox | Ubuntu | focal | * |
| Firefox | Ubuntu | trusty | * |
| Firefox | Ubuntu | upstream | * |
| Firefox | Ubuntu | xenial | * |
| Mozjs38 | Ubuntu | bionic | * |
| Mozjs38 | Ubuntu | esm-apps/bionic | * |
| Mozjs38 | Ubuntu | upstream | * |
| Mozjs52 | Ubuntu | bionic | * |
| Mozjs52 | Ubuntu | esm-apps/focal | * |
| Mozjs52 | Ubuntu | esm-infra/bionic | * |
| Mozjs52 | Ubuntu | focal | * |
| Mozjs52 | Ubuntu | upstream | * |
| Mozjs68 | Ubuntu | focal | * |
| Mozjs68 | Ubuntu | upstream | * |
| Mozjs78 | Ubuntu | esm-apps/jammy | * |
| Mozjs78 | Ubuntu | jammy | * |
| Mozjs78 | Ubuntu | kinetic | * |
| Mozjs78 | Ubuntu | lunar | * |
| Mozjs78 | Ubuntu | upstream | * |
| Mozjs91 | Ubuntu | jammy | * |
| Mozjs91 | Ubuntu | upstream | * |
| Nss | Ubuntu | bionic | * |
| Nss | Ubuntu | devel | * |
| Nss | Ubuntu | esm-infra/xenial | * |
| Nss | Ubuntu | focal | * |
| Nss | Ubuntu | jammy | * |
| Nss | Ubuntu | kinetic | * |
| Nss | Ubuntu | lunar | * |
| Nss | Ubuntu | mantic | * |
| Nss | Ubuntu | noble | * |
| Nss | Ubuntu | trusty | * |
| Nss | Ubuntu | trusty/esm | * |
| Nss | Ubuntu | upstream | * |
| Nss | Ubuntu | xenial | * |
| Thunderbird | Ubuntu | bionic | * |
| Thunderbird | Ubuntu | focal | * |
| Thunderbird | Ubuntu | jammy | * |
| Thunderbird | Ubuntu | kinetic | * |
| Thunderbird | Ubuntu | trusty | * |
| Thunderbird | Ubuntu | xenial | * |
| Red Hat Enterprise Linux 6 Extended Lifecycle Support | RedHat | nss-0:3.44.0-13.el6_10 | * |
| Red Hat Enterprise Linux 7 | RedHat | nss-0:3.79.0-5.el7_9 | * |
| Red Hat Enterprise Linux 8 | RedHat | nss-0:3.79.0-11.el8_7 | * |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | RedHat | nss-0:3.44.0-11.el8_1 | * |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | RedHat | thunderbird-0:102.9.0-2.el8_1 | * |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | RedHat | firefox-0:102.9.0-4.el8_1 | * |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | nss-0:3.53.1-13.el8_2 | * |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | thunderbird-0:102.9.0-2.el8_2 | * |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | firefox-0:102.9.0-4.el8_2 | * |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | RedHat | nss-0:3.53.1-13.el8_2 | * |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | RedHat | thunderbird-0:102.9.0-2.el8_2 | * |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | RedHat | firefox-0:102.9.0-4.el8_2 | * |
| Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | RedHat | nss-0:3.53.1-13.el8_2 | * |
| Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | RedHat | thunderbird-0:102.9.0-2.el8_2 | * |
| Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | RedHat | firefox-0:102.9.0-4.el8_2 | * |
| Red Hat Enterprise Linux 8.4 Extended Update Support | RedHat | nss-0:3.67.0-8.el8_4 | * |
| Red Hat Enterprise Linux 8.4 Extended Update Support | RedHat | firefox-0:102.9.0-4.el8_4 | * |
| Red Hat Enterprise Linux 8.4 Extended Update Support | RedHat | thunderbird-0:102.9.0-2.el8_4 | * |
| Red Hat Enterprise Linux 8.6 Extended Update Support | RedHat | nss-0:3.79.0-11.el8_6 | * |
| Red Hat Enterprise Linux 9 | RedHat | nss-0:3.79.0-17.el9_1 | * |
| Red Hat Enterprise Linux 9.0 Extended Update Support | RedHat | nss-0:3.79.0-17.el9_0 | * |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | RedHat | redhat-virtualization-host-0:4.5.3-202304051438_8.6 | * |

References