CVE-2023-4583

When checking if the Browsing Context had been discarded in HttpBaseChannel, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

Affected Software

Name	Vendor	Start Version	End Version
Firefox	Mozilla	*	117.0 (excluding)
Firefox_esr	Mozilla	*	115.2 (excluding)
Thunderbird	Mozilla	*	115.2 (excluding)
Red Hat Enterprise Linux 7	RedHat	thunderbird-0:102.15.0-1.el7_9	*
Red Hat Enterprise Linux 7	RedHat	firefox-0:102.15.0-1.el7_9	*
Red Hat Enterprise Linux 8	RedHat	firefox-0:102.15.0-1.el8_8	*
Red Hat Enterprise Linux 8	RedHat	thunderbird-0:102.15.0-1.el8_8	*
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions	RedHat	thunderbird-0:102.15.0-1.el8_1	*
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions	RedHat	firefox-0:102.15.0-1.el8_1	*
Red Hat Enterprise Linux 8.2 Advanced Update Support	RedHat	thunderbird-0:102.15.0-1.el8_2	*
Red Hat Enterprise Linux 8.2 Advanced Update Support	RedHat	firefox-0:102.15.0-1.el8_2	*
Red Hat Enterprise Linux 8.2 Telecommunications Update Service	RedHat	thunderbird-0:102.15.0-1.el8_2	*
Red Hat Enterprise Linux 8.2 Telecommunications Update Service	RedHat	firefox-0:102.15.0-1.el8_2	*
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions	RedHat	thunderbird-0:102.15.0-1.el8_2	*
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions	RedHat	firefox-0:102.15.0-1.el8_2	*
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	RedHat	thunderbird-0:102.15.0-1.el8_4	*
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	RedHat	firefox-0:102.15.0-1.el8_4	*
Red Hat Enterprise Linux 8.4 Telecommunications Update Service	RedHat	thunderbird-0:102.15.0-1.el8_4	*
Red Hat Enterprise Linux 8.4 Telecommunications Update Service	RedHat	firefox-0:102.15.0-1.el8_4	*
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	RedHat	thunderbird-0:102.15.0-1.el8_4	*
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	RedHat	firefox-0:102.15.0-1.el8_4	*
Red Hat Enterprise Linux 8.6 Extended Update Support	RedHat	firefox-0:102.15.0-1.el8_6	*
Red Hat Enterprise Linux 9	RedHat	thunderbird-0:102.15.0-1.el9_2	*
Red Hat Enterprise Linux 9	RedHat	firefox-0:102.15.0-1.el9_2	*
Red Hat Enterprise Linux 9.0 Extended Update Support	RedHat	thunderbird-0:102.15.0-1.el9_0	*
Red Hat Enterprise Linux 9.0 Extended Update Support	RedHat	firefox-0:102.15.0-1.el9_0	*
Firefox	Ubuntu	bionic	*
Firefox	Ubuntu	focal	*
Firefox	Ubuntu	lunar	*
Firefox	Ubuntu	trusty	*
Firefox	Ubuntu	xenial	*
Mozjs102	Ubuntu	devel	*
Mozjs102	Ubuntu	esm-apps/noble	*
Mozjs102	Ubuntu	jammy	*
Mozjs102	Ubuntu	lunar	*
Mozjs102	Ubuntu	mantic	*
Mozjs102	Ubuntu	noble	*
Mozjs102	Ubuntu	upstream	*
Mozjs38	Ubuntu	bionic	*
Mozjs38	Ubuntu	esm-apps/bionic	*
Mozjs38	Ubuntu	upstream	*
Mozjs52	Ubuntu	bionic	*
Mozjs52	Ubuntu	esm-apps/focal	*
Mozjs52	Ubuntu	esm-infra/bionic	*
Mozjs52	Ubuntu	focal	*
Mozjs52	Ubuntu	upstream	*
Mozjs68	Ubuntu	esm-infra/focal	*
Mozjs68	Ubuntu	focal	*
Mozjs68	Ubuntu	upstream	*
Mozjs78	Ubuntu	esm-apps/jammy	*
Mozjs78	Ubuntu	jammy	*
Mozjs78	Ubuntu	lunar	*
Mozjs78	Ubuntu	upstream	*
Mozjs91	Ubuntu	jammy	*
Mozjs91	Ubuntu	upstream	*
Thunderbird	Ubuntu	bionic	*
Thunderbird	Ubuntu	devel	*
Thunderbird	Ubuntu	focal	*
Thunderbird	Ubuntu	jammy	*
Thunderbird	Ubuntu	lunar	*
Thunderbird	Ubuntu	mantic	*
Thunderbird	Ubuntu	noble	*
Thunderbird	Ubuntu	trusty	*
Thunderbird	Ubuntu	xenial	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-4583
CWE	https://cwe.mitre.org/data/definitions/.html

Affected Software

References