Vulnerability-Lookup

CVE-2023-37201 (GCVE-0-2023-37201)

Vulnerability from cvelistv5 – Published: 2023-07-05 08:51 – Updated: 2025-02-13 16:56

Summary

An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

Severity ?

No CVSS data available.

CWE

Use-after-free in WebRTC certificate generation

Assigner

mozilla

References

8 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=1826002
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://lists.debian.org/debian-lts-announce/2023…
https://www.debian.org/security/2023/dsa-5450
https://www.debian.org/security/2023/dsa-5451
https://lists.debian.org/debian-lts-announce/2023…

Impacted products

3 products

Vendor	Product	Version
Mozilla	Firefox	Affected: unspecified , < 115 (custom)
Mozilla	Firefox ESR	Affected: unspecified , < 102.13 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 102.13 (custom)

Credits

Irvan Kurniawan

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:09:32.879Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1826002"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2023-22/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2023-23/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2023-24/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5450"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5451"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-37201",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-21T14:30:36.545377Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T14:30:51.195Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "102.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "102.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Irvan Kurniawan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox \u003c 115, Firefox ESR \u003c 102.13, and Thunderbird \u003c 102.13."
            }
          ],
          "value": "An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox \u003c 115, Firefox ESR \u003c 102.13, and Thunderbird \u003c 102.13."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use-after-free in WebRTC certificate generation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-12T09:06:20.222Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1826002"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2023-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2023-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2023-24/"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5450"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5451"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2023-37201",
    "datePublished": "2023-07-05T08:51:01.631Z",
    "dateReserved": "2023-06-28T18:07:02.265Z",
    "dateUpdated": "2025-02-13T16:56:31.740Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-37201",
      "date": "2026-05-19",
      "epss": "0.00758",
      "percentile": "0.735"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"115.0\", \"matchCriteriaId\": \"D1EEB7A5-332B-475E-8BEC-52B282166DDA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"102.13\", \"matchCriteriaId\": \"D7E02D3B-8A45-46DD-A53D-C374264A31F5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"102.13\", \"matchCriteriaId\": \"10BCAF6D-BACC-4240-A6EA-FBC769D9F5BF\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox \u003c 115, Firefox ESR \u003c 102.13, and Thunderbird \u003c 102.13.\"}]",
      "id": "CVE-2023-37201",
      "lastModified": "2024-11-21T08:11:10.990",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
      "published": "2023-07-05T09:15:09.510",
      "references": "[{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1826002\", \"source\": \"security@mozilla.org\", \"tags\": [\"Issue Tracking\", \"Permissions Required\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5450\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5451\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-22/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-23/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-24/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1826002\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Permissions Required\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5450\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5451\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-22/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-23/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-24/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@mozilla.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-37201\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2023-07-05T09:15:09.510\",\"lastModified\":\"2024-11-21T08:11:10.990\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox \u003c 115, Firefox ESR \u003c 102.13, and Thunderbird \u003c 102.13.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"115.0\",\"matchCriteriaId\":\"D1EEB7A5-332B-475E-8BEC-52B282166DDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"102.13\",\"matchCriteriaId\":\"D7E02D3B-8A45-46DD-A53D-C374264A31F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"102.13\",\"matchCriteriaId\":\"10BCAF6D-BACC-4240-A6EA-FBC769D9F5BF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1826002\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Permissions Required\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html\",\"source\":\"security@mozilla.org\"},{\"url\":\"https://www.debian.org/security/2023/dsa-5450\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5451\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2023-22/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2023-23/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2023-24/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1826002\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Permissions Required\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2023/dsa-5450\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5451\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2023-22/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2023-23/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2023-24/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1826002\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-22/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-23/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-24/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5450\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5451\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T17:09:32.879Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-37201\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-21T14:30:36.545377Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-21T14:30:43.798Z\"}}], \"cna\": {\"credits\": [{\"lang\": \"en\", \"value\": \"Irvan Kurniawan\"}], \"affected\": [{\"vendor\": \"Mozilla\", \"product\": \"Firefox\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"115\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Mozilla\", \"product\": \"Firefox ESR\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"102.13\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Mozilla\", \"product\": \"Thunderbird\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"102.13\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1826002\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-22/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-23/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-24/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5450\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5451\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox \u003c 115, Firefox ESR \u003c 102.13, and Thunderbird \u003c 102.13.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox \u003c 115, Firefox ESR \u003c 102.13, and Thunderbird \u003c 102.13.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Use-after-free in WebRTC certificate generation\"}]}], \"providerMetadata\": {\"orgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"shortName\": \"mozilla\", \"dateUpdated\": \"2023-07-05T08:51:01.631Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-37201\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-21T14:30:51.195Z\", \"dateReserved\": \"2023-06-28T18:07:02.265Z\", \"assignerOrgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"datePublished\": \"2023-07-05T08:51:01.631Z\", \"assignerShortName\": \"mozilla\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2023-AVI-0509

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un contournement de la politique de sécurité et une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Mozilla	Firefox ESR	Firefox ESR versions antérieures à 102.13
Mozilla	Thunderbird	Thunderbird versions antérieures à 102.13
Mozilla	Firefox	Firefox versions antérieures à 115

References

Title

Publication Time

CERTFR-2023-AVI-0509

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Mozilla	Firefox ESR	Firefox ESR versions antérieures à 102.13
Mozilla	Thunderbird	Thunderbird versions antérieures à 102.13
Mozilla	Firefox	Firefox versions antérieures à 115

References

Title

Publication Time

alsa-2023:4063

Vulnerability from osv_almalinux

Published

2023-07-13 00:00

Modified

2023-07-14 22:29

Summary

Important: thunderbird security update

Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.13.0.

Security Fix(es):

Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)
Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-37202)
Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 (CVE-2023-37211)
Mozilla: Fullscreen notification obscured (CVE-2023-37207)
Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2023:4063	ADVISORY
	https://access.redhat.com/security/cve/CVE-2023-37201	REPORT
	https://access.redhat.com/security/cve/CVE-2023-37202	REPORT
	https://access.redhat.com/security/cve/CVE-2023-37207	REPORT
	https://access.redhat.com/security/cve/CVE-2023-37208	REPORT
	https://access.redhat.com/security/cve/CVE-2023-37211	REPORT
	https://bugzilla.redhat.com/2219747	REPORT
	https://bugzilla.redhat.com/2219748	REPORT
	https://bugzilla.redhat.com/2219749	REPORT
	https://bugzilla.redhat.com/2219750	REPORT
	https://bugzilla.redhat.com/2219751	REPORT
	https://errata.almalinux.org/8/ALSA-2023-4063.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "thunderbird"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "102.13.0-2.el8_8.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.13.0.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)\n* Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-37202)\n* Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 (CVE-2023-37211)\n* Mozilla: Fullscreen notification obscured (CVE-2023-37207)\n* Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2023:4063",
  "modified": "2023-07-14T22:29:12Z",
  "published": "2023-07-13T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2023:4063"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-37201"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-37202"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-37207"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-37208"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-37211"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2219747"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2219748"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2219749"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2219750"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2219751"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2023-4063.html"
    }
  ],
  "related": [
    "CVE-2023-37201",
    "CVE-2023-37202",
    "CVE-2023-37211",
    "CVE-2023-37207",
    "CVE-2023-37208"
  ],
  "summary": "Important: thunderbird security update"
}

alsa-2023:4064

Vulnerability from osv_almalinux

Published

2023-07-13 00:00

Modified

2023-07-14 22:20

Summary

Important: thunderbird security update

Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.13.0.

Security Fix(es):

Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)
Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-37202)
Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 (CVE-2023-37211)
Mozilla: Fullscreen notification obscured (CVE-2023-37207)
Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2023:4064	ADVISORY
	https://access.redhat.com/security/cve/CVE-2023-37201	REPORT
	https://access.redhat.com/security/cve/CVE-2023-37202	REPORT
	https://access.redhat.com/security/cve/CVE-2023-37207	REPORT
	https://access.redhat.com/security/cve/CVE-2023-37208	REPORT
	https://access.redhat.com/security/cve/CVE-2023-37211	REPORT
	https://bugzilla.redhat.com/2219747	REPORT
	https://bugzilla.redhat.com/2219748	REPORT
	https://bugzilla.redhat.com/2219749	REPORT
	https://bugzilla.redhat.com/2219750	REPORT
	https://bugzilla.redhat.com/2219751	REPORT
	https://errata.almalinux.org/9/ALSA-2023-4064.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "thunderbird"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "102.13.0-2.el9_2.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.13.0.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)\n* Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-37202)\n* Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 (CVE-2023-37211)\n* Mozilla: Fullscreen notification obscured (CVE-2023-37207)\n* Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2023:4064",
  "modified": "2023-07-14T22:20:08Z",
  "published": "2023-07-13T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2023:4064"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-37201"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-37202"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-37207"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-37208"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-37211"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2219747"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2219748"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2219749"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2219750"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2219751"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2023-4064.html"
    }
  ],
  "related": [
    "CVE-2023-37201",
    "CVE-2023-37202",
    "CVE-2023-37211",
    "CVE-2023-37207",
    "CVE-2023-37208"
  ],
  "summary": "Important: thunderbird security update"
}

alsa-2023:4071

Vulnerability from osv_almalinux

Published

2023-07-13 00:00

Modified

2023-07-14 22:13

Summary

Important: firefox security update

Details

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 102.13.0 ESR.

Security Fix(es):

Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)
Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-37202)
Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 (CVE-2023-37211)
Mozilla: Fullscreen notification obscured (CVE-2023-37207)
Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2023:4071	ADVISORY
	https://access.redhat.com/security/cve/CVE-2023-37201	REPORT
	https://access.redhat.com/security/cve/CVE-2023-37202	REPORT
	https://access.redhat.com/security/cve/CVE-2023-37207	REPORT
	https://access.redhat.com/security/cve/CVE-2023-37208	REPORT
	https://access.redhat.com/security/cve/CVE-2023-37211	REPORT
	https://bugzilla.redhat.com/2219747	REPORT
	https://bugzilla.redhat.com/2219748	REPORT
	https://bugzilla.redhat.com/2219749	REPORT
	https://bugzilla.redhat.com/2219750	REPORT
	https://bugzilla.redhat.com/2219751	REPORT
	https://errata.almalinux.org/9/ALSA-2023-4071.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "firefox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "102.13.0-2.el9_2.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "firefox-x11"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "102.13.0-2.el9_2.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.13.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)\n* Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-37202)\n* Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 (CVE-2023-37211)\n* Mozilla: Fullscreen notification obscured (CVE-2023-37207)\n* Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2023:4071",
  "modified": "2023-07-14T22:13:35Z",
  "published": "2023-07-13T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2023:4071"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-37201"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-37202"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-37207"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-37208"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-37211"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2219747"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2219748"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2219749"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2219750"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2219751"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2023-4071.html"
    }
  ],
  "related": [
    "CVE-2023-37201",
    "CVE-2023-37202",
    "CVE-2023-37211",
    "CVE-2023-37207",
    "CVE-2023-37208"
  ],
  "summary": "Important: firefox security update"
}

alsa-2023:4076

Vulnerability from osv_almalinux

Published

2023-07-13 00:00

Modified

2023-07-14 22:04

Summary

Important: firefox security update

Details

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 102.13.0 ESR.

Security Fix(es):

Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)
Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-37202)
Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 (CVE-2023-37211)
Mozilla: Fullscreen notification obscured (CVE-2023-37207)
Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2023:4076	ADVISORY
	https://access.redhat.com/security/cve/CVE-2023-37201	REPORT
	https://access.redhat.com/security/cve/CVE-2023-37202	REPORT
	https://access.redhat.com/security/cve/CVE-2023-37207	REPORT
	https://access.redhat.com/security/cve/CVE-2023-37208	REPORT
	https://access.redhat.com/security/cve/CVE-2023-37211	REPORT
	https://bugzilla.redhat.com/2219747	REPORT
	https://bugzilla.redhat.com/2219748	REPORT
	https://bugzilla.redhat.com/2219749	REPORT
	https://bugzilla.redhat.com/2219750	REPORT
	https://bugzilla.redhat.com/2219751	REPORT
	https://errata.almalinux.org/8/ALSA-2023-4076.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "firefox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "102.13.0-2.el8_8.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.13.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)\n* Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-37202)\n* Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 (CVE-2023-37211)\n* Mozilla: Fullscreen notification obscured (CVE-2023-37207)\n* Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2023:4076",
  "modified": "2023-07-14T22:04:33Z",
  "published": "2023-07-13T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2023:4076"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-37201"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-37202"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-37207"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-37208"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-37211"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2219747"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2219748"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2219749"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2219750"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2219751"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2023-4076.html"
    }
  ],
  "related": [
    "CVE-2023-37201",
    "CVE-2023-37202",
    "CVE-2023-37211",
    "CVE-2023-37207",
    "CVE-2023-37208"
  ],
  "summary": "Important: firefox security update"
}

BDU:2023-04024

Vulnerability from fstec - Published: 05.07.2023

Title

Уязвимость технологии WebRTC браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Description

Уязвимость технологии WebRTC браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird связана с ошибкой использования освобожденной памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код или вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor

Red Hat Inc., ООО «РусБИТех-Астра», Novell Inc., Сообщество свободного программного обеспечения, Canonical Ltd., ООО «Ред Софт», Mozilla Corp., АО "НППКТ", АО «ИВК»

Software Name

Red Hat Enterprise Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Suse Linux Enterprise Desktop, SUSE Linux Enterprise Server for SAP Applications, SUSE OpenStack Cloud, Suse Linux Enterprise Server, SUSE Linux Enterprise Module for Desktop Applications, SUSE Linux Enterprise Workstation Extension, SUSE OpenStack Cloud Crowbar, Debian GNU/Linux, SUSE Enterprise Storage, HPE Helion Openstack, Ubuntu, SUSE Linux Enterprise High Performance Computing, SUSE Manager Proxy, SUSE Manager Retail Branch Server, SUSE Manager Server, РЕД ОС (запись в едином реестре российских программ №3751), SUSE Linux Enterprise Real Time, SUSE Linux Enterprise Module for additional PackageHub, SUSE Linux Enterprise Module for Package Hub, Firefox, Firefox ESR, Thunderbird, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), АЛЬТ СП 10

Software Version

7 (Red Hat Enterprise Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 12 SP4 (Suse Linux Enterprise Desktop), 12 SP3 (SUSE Linux Enterprise Server for SAP Applications), 7 (SUSE OpenStack Cloud), 12 SP4 (Suse Linux Enterprise Server), 8 (Red Hat Enterprise Linux), 15 (SUSE Linux Enterprise Module for Desktop Applications), 15 SP1 (SUSE Linux Enterprise Module for Desktop Applications), 12 SP2-ESPOS (Suse Linux Enterprise Server), 15 (SUSE Linux Enterprise Workstation Extension), 15 SP1 (SUSE Linux Enterprise Workstation Extension), 15 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3-LTSS (Suse Linux Enterprise Server), 8 (SUSE OpenStack Cloud), 12 SP3-BCL (Suse Linux Enterprise Server), 8 (SUSE OpenStack Cloud Crowbar), 10 (Debian GNU/Linux), 6 (SUSE Enterprise Storage), 8 (HPE Helion Openstack), 20.04 LTS (Ubuntu), 15 SP2 (SUSE Linux Enterprise Workstation Extension), 15 SP1-BCL (Suse Linux Enterprise Server), 15 SP2 (SUSE Linux Enterprise Module for Desktop Applications), 15 SP1-ESPOS (SUSE Linux Enterprise High Performance Computing), 4.0 (SUSE Manager Proxy), 4.0 (SUSE Manager Retail Branch Server), 4.0 (SUSE Manager Server), 15 SP3 (SUSE Linux Enterprise Workstation Extension), 15 SP3 (SUSE Linux Enterprise Module for Desktop Applications), 15 SP1 (Suse Linux Enterprise Server), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 8.1 Update Services for SAP Solutions (Red Hat Enterprise Linux), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), 15 SP3 (Suse Linux Enterprise Server), 15 SP3 (SUSE Linux Enterprise Server for SAP Applications), 4.2 (SUSE Manager Proxy), 4.2 (SUSE Manager Server), 15 SP3 (Suse Linux Enterprise Desktop), 15 SP2 (Suse Linux Enterprise Server), 4.1 (SUSE Manager Server), 4.1 (SUSE Manager Proxy), 15 SP2-ESPOS (SUSE Linux Enterprise High Performance Computing), 4.1 (SUSE Manager Retail Branch Server), 15 SP2 (Suse Linux Enterprise Desktop), 15 SP2 (SUSE Linux Enterprise High Performance Computing), 15 (Suse Linux Enterprise Server), 15 SP2-BCL (Suse Linux Enterprise Server), 4.2 (SUSE Manager Retail Branch Server), 22.04 LTS (Ubuntu), 9 (Red Hat Enterprise Linux), 15 SP2 (SUSE Linux Enterprise Real Time), 4.3 (SUSE Manager Retail Branch Server), 4.3 (SUSE Manager Proxy), 4.3 (SUSE Manager Server), 15 SP4 (SUSE Linux Enterprise High Performance Computing), 15 SP1 (Suse Linux Enterprise Desktop), 15 (Suse Linux Enterprise Desktop), 7.1 (SUSE Enterprise Storage), 15 (SUSE Linux Enterprise High Performance Computing), 15 SP1 (SUSE Linux Enterprise High Performance Computing), 15 SP4 (SUSE Linux Enterprise Module for additional PackageHub), 4.7 (Astra Linux Special Edition), 22.10 (Ubuntu), 8.2 Telecommunications Update Service (Red Hat Enterprise Linux), 8.2 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.6 Extended Update Support (Red Hat Enterprise Linux), 9.0 Extended Update Support (Red Hat Enterprise Linux), 8.2 Advanced Update Support (Red Hat Enterprise Linux), 15 SP3-BCL (Suse Linux Enterprise Server), 15 SP3 (SUSE Linux Enterprise Module for Package Hub), 23.04 (Ubuntu), до 115 (Firefox), до 102.13 (Firefox ESR), до 102.13 (Thunderbird), 8.4 Telecommunications Update Service (Red Hat Enterprise Linux), 8.4 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.4 Advanced Mission Critical Update Support (Red Hat Enterprise Linux), 15 SP5 (SUSE Linux Enterprise Module for additional PackageHub), до 2.8 (ОСОН ОСнова Оnyx), - (АЛЬТ СП 10)

Possible Mitigations

Установка обновлений из доверенных источников. В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков. Компенсирующие меры: - использование средств антивирусной защиты с функцией контроля доступа к веб-ресурсам; - контролируемый доступ в сеть Интернет – регламентация разрешенных сетевых ресурсов и соединений; - запуск веб-браузера от имени пользователя с минимальными возможными привилегиями в операционной системе; - использование альтернативных веб-браузеров; - применение систем обнаружения и предотвращения вторжений. Использование рекомендаций: Для Ubuntu: https://ubuntu.com/security/notices/USN-6201-1 https://ubuntu.com/security/notices/USN-6214-1 Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2023-37201.html Для программных продуктов Mozilla Corp.: https://www.mozilla.org/security/advisories/mfsa2023-22/ https://www.mozilla.org/security/advisories/mfsa2023-23/ https://www.mozilla.org/security/advisories/mfsa2023-24/ Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/cve-2023-37201 Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2023-37201 Для ОСОН ОСнова Оnyx: Обновление программного обеспечения firefox-esr до версии 102.13.0esr+repack-1~deb10u1.osnova1 Обновление программного обеспечения thunderbird до версии 1:102.13.1+repack-1~deb10u1.osnova1 Для ОС Альт 8 СП (релиз 10): установка обновления из публичного репозитория программного средства Для Astra Linux Special Edition 4.7: - обновить пакет firefox до 118.0.1+build1-0ubuntu0.20.04.1~mt1+ci202309291803+astra13 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-0416SE47 - обновить пакет thunderbird до 1:115.3.1+build1-0ubuntu1+ci202310041156+astra2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-0416SE47 Для ОС Astra Linux Special Edition 1.7: - обновить пакет firefox до 118.0.1+build1-0ubuntu0.20.04.1~mt1+ci202309291803+astra13 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-1023SE17 - обновить пакет thunderbird до 1:115.3.1+build1-0ubuntu1+ci202310041156+astra2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-1023SE17 Для ОС Astra Linux 1.6 «Смоленск»: - обновить пакет thunderbird до 1:115.5.0+build1-0ubuntu1+ci202311280951+astra2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16 - обновить пакет firefox до 120.0+build2-0ubuntu0.20.04.1+ci202311281348+astra13 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1826002 https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html https://www.debian.org/security/2023/dsa-5450 https://www.debian.org/security/2023/dsa-5451 https://www.mozilla.org/security/advisories/mfsa2023-22/ https://www.mozilla.org/security/advisories/mfsa2023-23/ https://www.mozilla.org/security/advisories/mfsa2023-24/ https://access.redhat.com/security/cve/cve-2023-37201 https://security-tracker.debian.org/tracker/CVE-2023-37201 https://www.suse.com/security/cve/CVE-2023-37201.html https://ubuntu.com/security/notices/USN-6201-1 https://ubuntu.com/security/notices/USN-6214-1 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.8/ http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-0416SE47 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16

CWE

CWE-416

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Novell Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Canonical Ltd., \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Mozilla Corp., \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7 (Red Hat Enterprise Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 12 SP4 (Suse Linux Enterprise Desktop), 12 SP3 (SUSE Linux Enterprise Server for SAP Applications), 7 (SUSE OpenStack Cloud), 12 SP4 (Suse Linux Enterprise Server), 8 (Red Hat Enterprise Linux), 15 (SUSE Linux Enterprise Module for Desktop Applications), 15 SP1 (SUSE Linux Enterprise Module for Desktop Applications), 12 SP2-ESPOS (Suse Linux Enterprise Server), 15 (SUSE Linux Enterprise Workstation Extension), 15 SP1 (SUSE Linux Enterprise Workstation Extension), 15 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3-LTSS (Suse Linux Enterprise Server), 8 (SUSE OpenStack Cloud), 12 SP3-BCL (Suse Linux Enterprise Server), 8 (SUSE OpenStack Cloud Crowbar), 10 (Debian GNU/Linux), 6 (SUSE Enterprise Storage), 8 (HPE Helion Openstack), 20.04 LTS (Ubuntu), 15 SP2 (SUSE Linux Enterprise Workstation Extension), 15 SP1-BCL (Suse Linux Enterprise Server), 15 SP2 (SUSE Linux Enterprise Module for Desktop Applications), 15 SP1-ESPOS (SUSE Linux Enterprise High Performance Computing), 4.0 (SUSE Manager Proxy), 4.0 (SUSE Manager Retail Branch Server), 4.0 (SUSE Manager Server), 15 SP3 (SUSE Linux Enterprise Workstation Extension), 15 SP3 (SUSE Linux Enterprise Module for Desktop Applications), 15 SP1 (Suse Linux Enterprise Server), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 8.1 Update Services for SAP Solutions (Red Hat Enterprise Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 15 SP3 (Suse Linux Enterprise Server), 15 SP3 (SUSE Linux Enterprise Server for SAP Applications), 4.2 (SUSE Manager Proxy), 4.2 (SUSE Manager Server), 15 SP3 (Suse Linux Enterprise Desktop), 15 SP2 (Suse Linux Enterprise Server), 4.1 (SUSE Manager Server), 4.1 (SUSE Manager Proxy), 15 SP2-ESPOS (SUSE Linux Enterprise High Performance Computing), 4.1 (SUSE Manager Retail Branch Server), 15 SP2 (Suse Linux Enterprise Desktop), 15 SP2 (SUSE Linux Enterprise High Performance Computing), 15 (Suse Linux Enterprise Server), 15 SP2-BCL (Suse Linux Enterprise Server), 4.2 (SUSE Manager Retail Branch Server), 22.04 LTS (Ubuntu), 9 (Red Hat Enterprise Linux), 15 SP2 (SUSE Linux Enterprise Real Time), 4.3 (SUSE Manager Retail Branch Server), 4.3 (SUSE Manager Proxy), 4.3 (SUSE Manager Server), 15 SP4 (SUSE Linux Enterprise High Performance Computing), 15 SP1 (Suse Linux Enterprise Desktop), 15 (Suse Linux Enterprise Desktop), 7.1 (SUSE Enterprise Storage), 15 (SUSE Linux Enterprise High Performance Computing), 15 SP1 (SUSE Linux Enterprise High Performance Computing), 15 SP4 (SUSE Linux Enterprise Module for additional PackageHub), 4.7 (Astra Linux Special Edition), 22.10 (Ubuntu), 8.2 Telecommunications Update Service (Red Hat Enterprise Linux), 8.2 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.6 Extended Update Support (Red Hat Enterprise Linux), 9.0 Extended Update Support (Red Hat Enterprise Linux), 8.2 Advanced Update Support (Red Hat Enterprise Linux), 15 SP3-BCL (Suse Linux Enterprise Server), 15 SP3 (SUSE Linux Enterprise Module for Package Hub), 23.04 (Ubuntu), \u0434\u043e 115 (Firefox), \u0434\u043e 102.13 (Firefox ESR), \u0434\u043e 102.13 (Thunderbird), 8.4 Telecommunications Update Service (Red Hat Enterprise Linux), 8.4 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.4 Advanced Mission Critical Update Support (Red Hat Enterprise Linux), 15 SP5 (SUSE Linux Enterprise Module for additional PackageHub), \u0434\u043e 2.8 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), - (\u0410\u041b\u042c\u0422 \u0421\u041f 10)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b \u0441 \u0444\u0443\u043d\u043a\u0446\u0438\u0435\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0432\u0435\u0431-\u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c;\n- \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u0432 \u0441\u0435\u0442\u044c \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442 \u2013 \u0440\u0435\u0433\u043b\u0430\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u044f \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 \u0438 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439;\n- \u0437\u0430\u043f\u0443\u0441\u043a \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0441 \u043c\u0438\u043d\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u043c\u0438 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u0432 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0430\u043b\u044c\u0442\u0435\u0440\u043d\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432;\n- \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/notices/USN-6201-1\nhttps://ubuntu.com/security/notices/USN-6214-1\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2023-37201.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Mozilla Corp.:\nhttps://www.mozilla.org/security/advisories/mfsa2023-22/\nhttps://www.mozilla.org/security/advisories/mfsa2023-23/\nhttps://www.mozilla.org/security/advisories/mfsa2023-24/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2023-37201\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2023-37201\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f firefox-esr \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 102.13.0esr+repack-1~deb10u1.osnova1\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f thunderbird \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:102.13.1+repack-1~deb10u1.osnova1\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0440\u0435\u043b\u0438\u0437 10): \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7:\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 firefox \u0434\u043e 118.0.1+build1-0ubuntu0.20.04.1~mt1+ci202309291803+astra13 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-0416SE47\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 thunderbird \u0434\u043e 1:115.3.1+build1-0ubuntu1+ci202310041156+astra2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-0416SE47\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux Special Edition 1.7:\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 firefox \u0434\u043e 118.0.1+build1-0ubuntu0.20.04.1~mt1+ci202309291803+astra13 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-1023SE17\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 thunderbird \u0434\u043e 1:115.3.1+build1-0ubuntu1+ci202310041156+astra2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-1023SE17\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb:\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 thunderbird \u0434\u043e 1:115.5.0+build1-0ubuntu1+ci202311280951+astra2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 firefox \u0434\u043e 120.0+build2-0ubuntu0.20.04.1+ci202311281348+astra13 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "05.07.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "30.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "26.07.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-04024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-37201",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Suse Linux Enterprise Desktop, SUSE Linux Enterprise Server for SAP Applications, SUSE OpenStack Cloud, Suse Linux Enterprise Server, SUSE Linux Enterprise Module for Desktop Applications, SUSE Linux Enterprise Workstation Extension, SUSE OpenStack Cloud Crowbar, Debian GNU/Linux, SUSE Enterprise Storage, HPE Helion Openstack, Ubuntu, SUSE Linux Enterprise High Performance Computing, SUSE Manager Proxy, SUSE Manager Retail Branch Server, SUSE Manager Server, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), SUSE Linux Enterprise Real Time, SUSE Linux Enterprise Module for additional PackageHub, SUSE Linux Enterprise Module for Package Hub, Firefox, Firefox ESR, Thunderbird, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041b\u042c\u0422 \u0421\u041f 10",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 7 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. Suse Linux Enterprise Desktop 12 SP4 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3 , Novell Inc. Suse Linux Enterprise Server 12 SP4 , Red Hat Inc. Red Hat Enterprise Linux 8 , Novell Inc. Suse Linux Enterprise Server 12 SP2-ESPOS , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 , Novell Inc. Suse Linux Enterprise Server 12 SP3-LTSS , Novell Inc. Suse Linux Enterprise Server 12 SP3-BCL , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Canonical Ltd. Ubuntu 20.04 LTS , Novell Inc. Suse Linux Enterprise Server 15 SP1-BCL , Novell Inc. Suse Linux Enterprise Server 15 SP1 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , Red Hat Inc. Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. Suse Linux Enterprise Server 15 SP3 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP3 , Novell Inc. Suse Linux Enterprise Desktop 15 SP3 , Novell Inc. Suse Linux Enterprise Server 15 SP2 , Novell Inc. Suse Linux Enterprise Desktop 15 SP2 , Novell Inc. Suse Linux Enterprise Server 15 , Novell Inc. Suse Linux Enterprise Server 15 SP2-BCL , Canonical Ltd. Ubuntu 22.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 9 , Novell Inc. SUSE Linux Enterprise Real Time 15 SP2 , Novell Inc. Suse Linux Enterprise Desktop 15 SP1 , Novell Inc. Suse Linux Enterprise Desktop 15 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Canonical Ltd. Ubuntu 22.10 , Red Hat Inc. Red Hat Enterprise Linux 8.2 Telecommunications Update Service , Red Hat Inc. Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions , Red Hat Inc. Red Hat Enterprise Linux 8.6 Extended Update Support , Red Hat Inc. Red Hat Enterprise Linux 9.0 Extended Update Support , Red Hat Inc. Red Hat Enterprise Linux 8.2 Advanced Update Support , Novell Inc. Suse Linux Enterprise Server 15 SP3-BCL , Novell Inc. SUSE Linux Enterprise Module for Package Hub 15 SP3 , Canonical Ltd. Ubuntu 23.04 , Red Hat Inc. Red Hat Enterprise Linux 8.4 Telecommunications Update Service , Red Hat Inc. Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions , Red Hat Inc. Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.8  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u041b\u042c\u0422 \u0421\u041f 10 - ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0438 WebRTC \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Mozilla Firefox, Firefox ESR \u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (CWE-416)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0438 WebRTC \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Mozilla Firefox, Firefox ESR \u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u043e\u0439 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u043d\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://bugzilla.mozilla.org/show_bug.cgi?id=1826002\nhttps://lists.debian.org/debian-lts-announce/2023/07/msg00006.html\nhttps://lists.debian.org/debian-lts-announce/2023/07/msg00015.html\nhttps://www.debian.org/security/2023/dsa-5450\nhttps://www.debian.org/security/2023/dsa-5451\nhttps://www.mozilla.org/security/advisories/mfsa2023-22/\nhttps://www.mozilla.org/security/advisories/mfsa2023-23/\nhttps://www.mozilla.org/security/advisories/mfsa2023-24/\nhttps://access.redhat.com/security/cve/cve-2023-37201\nhttps://security-tracker.debian.org/tracker/CVE-2023-37201\nhttps://www.suse.com/security/cve/CVE-2023-37201.html\nhttps://ubuntu.com/security/notices/USN-6201-1\nhttps://ubuntu.com/security/notices/USN-6214-1\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.8/\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-0416SE47\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-416",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}

CNVD-2023-59025

Vulnerability from cnvd - Published: 2023-07-28

Title

Mozilla Firefox资源管理错误漏洞（CNVD-2023-59025）

Description

Mozilla Firefox是美国Mozilla基金会的一款开源Web浏览器。 Mozilla Firefox存在资源管理错误漏洞，攻击者可利用该漏洞在通过HTTPS创建WebRTC连接时触发释放后重用。

Severity

高

Patch Name

Mozilla Firefox资源管理错误漏洞（CNVD-2023-59025）的补丁

Patch Description

Mozilla Firefox是美国Mozilla基金会的一款开源Web浏览器。 Mozilla Firefox存在资源管理错误漏洞，攻击者可利用该漏洞在通过HTTPS创建WebRTC连接时触发释放后重用。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.mozilla.org/security/advisories/mfsa2023-22/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2023-37201

Impacted products

Name
['Mozilla Firefox <115.0', 'Mozilla Firefox ESR <102.13', 'Mozilla Thunderbird <102.13']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-37201",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-37201"
    }
  },
  "description": "Mozilla Firefox\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002\n\nMozilla Firefox\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u901a\u8fc7HTTPS\u521b\u5efaWebRTC\u8fde\u63a5\u65f6\u89e6\u53d1\u91ca\u653e\u540e\u91cd\u7528\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a \r\nhttps://www.mozilla.org/security/advisories/mfsa2023-22/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-59025",
  "openTime": "2023-07-28",
  "patchDescription": "Mozilla Firefox\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002\r\n\r\nMozilla Firefox\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u901a\u8fc7HTTPS\u521b\u5efaWebRTC\u8fde\u63a5\u65f6\u89e6\u53d1\u91ca\u653e\u540e\u91cd\u7528\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Mozilla Firefox\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2023-59025\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Mozilla Firefox \u003c115.0",
      "Mozilla Firefox ESR \u003c102.13",
      "Mozilla Thunderbird \u003c102.13"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2023-37201",
  "serverity": "\u9ad8",
  "submitTime": "2023-07-12",
  "title": "Mozilla Firefox\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2023-59025\uff09"
}

FKIE_CVE-2023-37201

Vulnerability from fkie_nvd - Published: 2023-07-05 09:15 - Updated: 2024-11-21 08:11

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

References

URL	Tags
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1826002	Issue Tracking, Permissions Required
security@mozilla.org	https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html	Mailing List, Third Party Advisory
security@mozilla.org	https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html
security@mozilla.org	https://www.debian.org/security/2023/dsa-5450	Third Party Advisory
security@mozilla.org	https://www.debian.org/security/2023/dsa-5451	Third Party Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2023-22/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2023-23/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2023-24/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=1826002	Issue Tracking, Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5450	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5451	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2023-22/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2023-23/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2023-24/	Vendor Advisory

Impacted products

Vendor	Product	Version
mozilla	firefox	*
mozilla	firefox_esr	*
mozilla	thunderbird	*
debian	debian_linux	10.0
debian	debian_linux	11.0
debian	debian_linux	12.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1EEB7A5-332B-475E-8BEC-52B282166DDA",
              "versionEndExcluding": "115.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7E02D3B-8A45-46DD-A53D-C374264A31F5",
              "versionEndExcluding": "102.13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10BCAF6D-BACC-4240-A6EA-FBC769D9F5BF",
              "versionEndExcluding": "102.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox \u003c 115, Firefox ESR \u003c 102.13, and Thunderbird \u003c 102.13."
    }
  ],
  "id": "CVE-2023-37201",
  "lastModified": "2024-11-21T08:11:10.990",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-07-05T09:15:09.510",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Permissions Required"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1826002"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2023/dsa-5450"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2023/dsa-5451"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-22/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-23/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-24/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Permissions Required"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1826002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2023/dsa-5450"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2023/dsa-5451"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-22/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-23/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-24/"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-75QJ-FCP3-J9W2

Vulnerability from github – Published: 2023-07-05 09:30 – Updated: 2024-04-04 05:23

Details

An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-37201"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-05T09:15:09Z",
    "severity": "HIGH"
  },
  "details": "An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox \u003c 115, Firefox ESR \u003c 102.13, and Thunderbird \u003c 102.13.",
  "id": "GHSA-75qj-fcp3-j9w2",
  "modified": "2024-04-04T05:23:16Z",
  "published": "2023-07-05T09:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37201"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1826002"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5450"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5451"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-22"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-23"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-24"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-37201 (GCVE-0-2023-37201)

Solution

Solution

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Tags

Sightings

Nomenclature