CVE-2023-34416 - Vulnerability Details

Vendors	Products
Mozilla	Firefox Firefox Esr Thunderbird
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Eus Rhel Tus

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
thunderbird-0:102.12.0-1.el7_9	cpe:/o:redhat:enterprise_linux:7	RHSA-2023:3563	2023-06-13T00:00:00Z
firefox-0:102.12.0-1.el7_9	cpe:/o:redhat:enterprise_linux:7	RHSA-2023:3579	2023-06-14T00:00:00Z
Red Hat Enterprise Linux 8
thunderbird-0:102.12.0-1.el8_8	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:3588	2023-06-14T00:00:00Z
firefox-0:102.12.0-1.el8_8	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:3590	2023-06-14T00:00:00Z
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions
firefox-0:102.12.0-1.el8_1	cpe:/a:redhat:rhel_e4s:8.1	RHSA-2023:3561	2023-06-13T00:00:00Z
thunderbird-0:102.12.0-1.el8_1	cpe:/a:redhat:rhel_e4s:8.1	RHSA-2023:3564	2023-06-13T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
thunderbird-0:102.12.0-1.el8_2	cpe:/a:redhat:rhel_aus:8.2	RHSA-2023:3565	2023-06-13T00:00:00Z
firefox-0:102.12.0-1.el8_2	cpe:/a:redhat:rhel_aus:8.2	RHSA-2023:3578	2023-06-14T00:00:00Z
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
thunderbird-0:102.12.0-1.el8_2	cpe:/a:redhat:rhel_tus:8.2	RHSA-2023:3565	2023-06-13T00:00:00Z
firefox-0:102.12.0-1.el8_2	cpe:/a:redhat:rhel_tus:8.2	RHSA-2023:3578	2023-06-14T00:00:00Z
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
thunderbird-0:102.12.0-1.el8_2	cpe:/a:redhat:rhel_e4s:8.2	RHSA-2023:3565	2023-06-13T00:00:00Z
firefox-0:102.12.0-1.el8_2	cpe:/a:redhat:rhel_e4s:8.2	RHSA-2023:3578	2023-06-14T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
thunderbird-0:102.12.0-1.el8_4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2023:3596	2023-06-14T00:00:00Z
firefox-0:102.12.0-1.el8_4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2023:3597	2023-06-14T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
thunderbird-0:102.12.0-1.el8_4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2023:3596	2023-06-14T00:00:00Z
firefox-0:102.12.0-1.el8_4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2023:3597	2023-06-14T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
thunderbird-0:102.12.0-1.el8_4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2023:3596	2023-06-14T00:00:00Z
firefox-0:102.12.0-1.el8_4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2023:3597	2023-06-14T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
firefox-0:102.12.0-1.el8_6	cpe:/a:redhat:rhel_eus:8.6	RHSA-2023:3560	2023-06-13T00:00:00Z
thunderbird-0:102.12.0-1.el8_6	cpe:/a:redhat:rhel_eus:8.6	RHSA-2023:3566	2023-06-13T00:00:00Z
Red Hat Enterprise Linux 9
thunderbird-0:102.12.0-1.el9_2	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:3587	2023-06-14T00:00:00Z
firefox-0:102.12.0-1.el9_2	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:3589	2023-06-14T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
firefox-0:102.12.0-1.el9_0	cpe:/a:redhat:rhel_eus:9.0	RHSA-2023:3562	2023-06-13T00:00:00Z
thunderbird-0:102.12.0-1.el9_0	cpe:/a:redhat:rhel_eus:9.0	RHSA-2023:3567	2023-06-13T00:00:00Z

Link	Providers
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1752703%2C1818394%2C1826875%2C1827340%2C1827655%2C1828065%2C1830190%2C1830206%2C1830795%2C1833339
https://nvd.nist.gov/vuln/detail/CVE-2023-34416
https://security.gentoo.org/glsa/202312-03
https://security.gentoo.org/glsa/202401-10
https://www.cve.org/CVERecord?id=CVE-2023-34416
https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/#CVE-2023-34416
https://www.mozilla.org/en-US/security/advisories/mfsa2023-21/#CVE-2023-34416
https://www.mozilla.org/security/advisories/mfsa2023-19/
https://www.mozilla.org/security/advisories/mfsa2023-20/
https://www.mozilla.org/security/advisories/mfsa2023-21/

Type	Values Removed	Values Added
Description	Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12.	Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12.

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-34416", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2023-06-05T16:57:22.625Z", "datePublished": "2023-06-19T10:17:18.830Z", "dateUpdated": "2025-02-13T16:55:32.403Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"lessThan": "102.12", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "114", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "102.12", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "user": "00000000-0000-4000-9000-000000000000", "value": "Mozilla developers and community members Gabriele Svelto, Andrew McCreight, the Mozilla Fuzzing Team, Sean Feng, and Sebastian Hengst"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR &lt; 102.12, Firefox &lt; 114, and Thunderbird &lt; 102.12.</p>"}], "value": "Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12."}], "problemTypes": [{"descriptions": [{"description": "Memory safety bugs fixed in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12", "lang": "en"}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2024-01-07T11:08:02.234Z"}, "references": [{"name": "Memory safety bugs fixed in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1752703%2C1818394%2C1826875%2C1827340%2C1827655%2C1828065%2C1830190%2C1830206%2C1830795%2C1833339"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-19/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-20/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-21/"}, {"url": "https://security.gentoo.org/glsa/202312-03"}, {"url": "https://security.gentoo.org/glsa/202401-10"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:10:06.829Z"}, "title": "CVE Program Container", "references": [{"name": "Memory safety bugs fixed in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1752703%2C1818394%2C1826875%2C1827340%2C1827655%2C1828065%2C1830190%2C1830206%2C1830795%2C1833339", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-19/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-20/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-21/", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202312-03", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202401-10", "tags": ["x_transferred"]}]}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2023-34416 (string)

assignerOrgId : f16b083a-5664-49f3-a51e-8d479e5ed7fe (string)

state : PUBLISHED (string)

assignerShortName : mozilla (string)

dateReserved : 2023-06-05T16:57:22.625Z (string)

datePublished : 2023-06-19T10:17:18.830Z (string)

dateUpdated : 2025-02-13T16:55:32.403Z (string)

}

containers : { »

cna : { »

affected : [ »

0 : { »

defaultStatus : unaffected (string)

product : Firefox ESR (string)

vendor : Mozilla (string)

versions : [ »

0 : { »

lessThan : 102.12 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

1 : { »

defaultStatus : unaffected (string)

product : Firefox (string)

vendor : Mozilla (string)

versions : [ »

0 : { »

lessThan : 114 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

2 : { »

defaultStatus : unaffected (string)

product : Thunderbird (string)

vendor : Mozilla (string)

versions : [ »

0 : { »

lessThan : 102.12 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

]

credits : [ »

0 : { »

lang : en (string)

user : 00000000-0000-4000-9000-000000000000 (string)

value : Mozilla developers and community members Gabriele Svelto, Andrew McCreight, the Mozilla Fuzzing Team, Sean Feng, and Sebastian Hengst (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : <p>Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12.</p> (string)

}

]

value : Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Memory safety bugs fixed in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12 (string)

lang : en (string)

}

]

}

]

providerMetadata : { »

orgId : f16b083a-5664-49f3-a51e-8d479e5ed7fe (string)

shortName : mozilla (string)

dateUpdated : 2024-01-07T11:08:02.234Z (string)

}

references : [ »

0 : { »

name : Memory safety bugs fixed in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12 (string)

url : https://bugzilla.mozilla.org/buglist.cgi?bug_id=1752703%2C1818394%2C1826875%2C1827340%2C1827655%2C1828065%2C1830190%2C1830206%2C1830795%2C1833339 (string)

}

1 : { »

url : https://www.mozilla.org/security/advisories/mfsa2023-19/ (string)

}

2 : { »

url : https://www.mozilla.org/security/advisories/mfsa2023-20/ (string)

}

3 : { »

url : https://www.mozilla.org/security/advisories/mfsa2023-21/ (string)

}

4 : { »

url : https://security.gentoo.org/glsa/202312-03 (string)

}

5 : { »

url : https://security.gentoo.org/glsa/202401-10 (string)

}

]

source : { »

discovery : UNKNOWN (string)

}

x_generator : { »

engine : Vulnogram 0.1.0-dev (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T16:10:06.829Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : Memory safety bugs fixed in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12 (string)

url : https://bugzilla.mozilla.org/buglist.cgi?bug_id=1752703%2C1818394%2C1826875%2C1827340%2C1827655%2C1828065%2C1830190%2C1830206%2C1830795%2C1833339 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://www.mozilla.org/security/advisories/mfsa2023-19/ (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://www.mozilla.org/security/advisories/mfsa2023-20/ (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://www.mozilla.org/security/advisories/mfsa2023-21/ (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://security.gentoo.org/glsa/202312-03 (string)

tags : [ »

0 : x_transferred (string)

]

}

5 : { »

url : https://security.gentoo.org/glsa/202401-10 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

]

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "87A5ED08-8A22-4144-8223-261C87F2AEF4", "versionEndExcluding": "114.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3DC7FD5-B031-47F0-AC87-DA4D445F974E", "versionEndExcluding": "102.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "20E9EB3F-4BB0-4C7A-A1A8-836E2CA174AD", "versionEndExcluding": "102.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12."}], "id": "CVE-2023-34416", "lastModified": "2025-02-13T17:16:36.320", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-06-19T11:15:11.023", "references": [{"source": "security@mozilla.org", "tags": ["Broken Link"], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1752703%2C1818394%2C1826875%2C1827340%2C1827655%2C1828065%2C1830190%2C1830206%2C1830795%2C1833339"}, {"source": "security@mozilla.org", "url": "https://security.gentoo.org/glsa/202312-03"}, {"source": "security@mozilla.org", "url": "https://security.gentoo.org/glsa/202401-10"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-19/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-20/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-21/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1752703%2C1818394%2C1826875%2C1827340%2C1827655%2C1828065%2C1830190%2C1830206%2C1830795%2C1833339"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202312-03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202401-10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-19/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-20/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-21/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 87A5ED08-8A22-4144-8223-261C87F2AEF4 (string)

versionEndExcluding : 114.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* (string)

matchCriteriaId : B3DC7FD5-B031-47F0-AC87-DA4D445F974E (string)

versionEndExcluding : 102.12 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 20E9EB3F-4BB0-4C7A-A1A8-836E2CA174AD (string)

versionEndExcluding : 102.12 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12. (string)

}

]

id : CVE-2023-34416 (string)

lastModified : 2025-02-13T17:16:36.320 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2023-06-19T11:15:11.023 (string)

references : [ »

0 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Broken Link (string)

]

url : https://bugzilla.mozilla.org/buglist.cgi?bug_id=1752703%2C1818394%2C1826875%2C1827340%2C1827655%2C1828065%2C1830190%2C1830206%2C1830795%2C1833339 (string)

}

1 : { »

source : security@mozilla.org (string)

url : https://security.gentoo.org/glsa/202312-03 (string)

}

2 : { »

source : security@mozilla.org (string)

url : https://security.gentoo.org/glsa/202401-10 (string)

}

3 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2023-19/ (string)

}

4 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2023-20/ (string)

}

5 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2023-21/ (string)

}

6 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

]

url : https://bugzilla.mozilla.org/buglist.cgi?bug_id=1752703%2C1818394%2C1826875%2C1827340%2C1827655%2C1828065%2C1830190%2C1830206%2C1830795%2C1833339 (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://security.gentoo.org/glsa/202312-03 (string)

}

8 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://security.gentoo.org/glsa/202401-10 (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2023-19/ (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2023-20/ (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2023-21/ (string)

}

]

sourceIdentifier : security@mozilla.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-787 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developers and community as the original reporter.", "affected_release": [{"advisory": "RHSA-2023:3563", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "thunderbird-0:102.12.0-1.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2023-06-13T00:00:00Z"}, {"advisory": "RHSA-2023:3579", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:102.12.0-1.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2023-06-14T00:00:00Z"}, {"advisory": "RHSA-2023:3588", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:102.12.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-06-14T00:00:00Z"}, {"advisory": "RHSA-2023:3590", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:102.12.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-06-14T00:00:00Z"}, {"advisory": "RHSA-2023:3561", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "firefox-0:102.12.0-1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2023-06-13T00:00:00Z"}, {"advisory": "RHSA-2023:3564", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "thunderbird-0:102.12.0-1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2023-06-13T00:00:00Z"}, {"advisory": "RHSA-2023:3565", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "thunderbird-0:102.12.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2023-06-13T00:00:00Z"}, {"advisory": "RHSA-2023:3578", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "firefox-0:102.12.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2023-06-14T00:00:00Z"}, {"advisory": "RHSA-2023:3565", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "thunderbird-0:102.12.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2023-06-13T00:00:00Z"}, {"advisory": "RHSA-2023:3578", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "firefox-0:102.12.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2023-06-14T00:00:00Z"}, {"advisory": "RHSA-2023:3565", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "thunderbird-0:102.12.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2023-06-13T00:00:00Z"}, {"advisory": "RHSA-2023:3578", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "firefox-0:102.12.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2023-06-14T00:00:00Z"}, {"advisory": "RHSA-2023:3596", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "thunderbird-0:102.12.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2023-06-14T00:00:00Z"}, {"advisory": "RHSA-2023:3597", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "firefox-0:102.12.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2023-06-14T00:00:00Z"}, {"advisory": "RHSA-2023:3596", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "thunderbird-0:102.12.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2023-06-14T00:00:00Z"}, {"advisory": "RHSA-2023:3597", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "firefox-0:102.12.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2023-06-14T00:00:00Z"}, {"advisory": "RHSA-2023:3596", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "thunderbird-0:102.12.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2023-06-14T00:00:00Z"}, {"advisory": "RHSA-2023:3597", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "firefox-0:102.12.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2023-06-14T00:00:00Z"}, {"advisory": "RHSA-2023:3560", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "firefox-0:102.12.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-06-13T00:00:00Z"}, {"advisory": "RHSA-2023:3566", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "thunderbird-0:102.12.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-06-13T00:00:00Z"}, {"advisory": "RHSA-2023:3587", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "thunderbird-0:102.12.0-1.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-06-14T00:00:00Z"}, {"advisory": "RHSA-2023:3589", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "firefox-0:102.12.0-1.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-06-14T00:00:00Z"}, {"advisory": "RHSA-2023:3562", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "firefox-0:102.12.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2023-06-13T00:00:00Z"}, {"advisory": "RHSA-2023:3567", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "thunderbird-0:102.12.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2023-06-13T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12", "id": "2212842", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212842"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-120", "details": ["Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12.", "The Mozilla Foundation Security Advisory describes this flaw as:\nMozilla developers and community members Gabriele Svelto, Andrew McCreight, the Mozilla Fuzzing Team, Sean Feng, and Sebastian Hengst reported memory safety bugs present in Firefox 113 and Firefox ESR 102.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."], "name": "CVE-2023-34416", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2023-06-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-34416\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-34416\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-19/#CVE-2023-34416\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-21/#CVE-2023-34416"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Important"}

{

acknowledgement : Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developers and community as the original reporter. (string)

affected_release : [ »

0 : { »

advisory : RHSA-2023:3563 (string)

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

package : thunderbird-0:102.12.0-1.el7_9 (string)

product_name : Red Hat Enterprise Linux 7 (string)

release_date : 2023-06-13T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2023:3579 (string)

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

package : firefox-0:102.12.0-1.el7_9 (string)

product_name : Red Hat Enterprise Linux 7 (string)

release_date : 2023-06-14T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2023:3588 (string)

cpe : cpe:/a:redhat:enterprise_linux:8 (string)

package : thunderbird-0:102.12.0-1.el8_8 (string)

product_name : Red Hat Enterprise Linux 8 (string)

release_date : 2023-06-14T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2023:3590 (string)

cpe : cpe:/a:redhat:enterprise_linux:8 (string)

package : firefox-0:102.12.0-1.el8_8 (string)

product_name : Red Hat Enterprise Linux 8 (string)

release_date : 2023-06-14T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2023:3561 (string)

cpe : cpe:/a:redhat:rhel_e4s:8.1 (string)

package : firefox-0:102.12.0-1.el8_1 (string)

product_name : Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions (string)

release_date : 2023-06-13T00:00:00Z (string)

}

5 : { »

advisory : RHSA-2023:3564 (string)

cpe : cpe:/a:redhat:rhel_e4s:8.1 (string)

package : thunderbird-0:102.12.0-1.el8_1 (string)

product_name : Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions (string)

release_date : 2023-06-13T00:00:00Z (string)

}

6 : { »

advisory : RHSA-2023:3565 (string)

cpe : cpe:/a:redhat:rhel_aus:8.2 (string)

package : thunderbird-0:102.12.0-1.el8_2 (string)

product_name : Red Hat Enterprise Linux 8.2 Advanced Update Support (string)

release_date : 2023-06-13T00:00:00Z (string)

}

7 : { »

advisory : RHSA-2023:3578 (string)

cpe : cpe:/a:redhat:rhel_aus:8.2 (string)

package : firefox-0:102.12.0-1.el8_2 (string)

product_name : Red Hat Enterprise Linux 8.2 Advanced Update Support (string)

release_date : 2023-06-14T00:00:00Z (string)

}

8 : { »

advisory : RHSA-2023:3565 (string)

cpe : cpe:/a:redhat:rhel_tus:8.2 (string)

package : thunderbird-0:102.12.0-1.el8_2 (string)

product_name : Red Hat Enterprise Linux 8.2 Telecommunications Update Service (string)

release_date : 2023-06-13T00:00:00Z (string)

}

9 : { »

advisory : RHSA-2023:3578 (string)

cpe : cpe:/a:redhat:rhel_tus:8.2 (string)

package : firefox-0:102.12.0-1.el8_2 (string)

product_name : Red Hat Enterprise Linux 8.2 Telecommunications Update Service (string)

release_date : 2023-06-14T00:00:00Z (string)

}

10 : { »

advisory : RHSA-2023:3565 (string)

cpe : cpe:/a:redhat:rhel_e4s:8.2 (string)

package : thunderbird-0:102.12.0-1.el8_2 (string)

product_name : Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions (string)

release_date : 2023-06-13T00:00:00Z (string)

}

11 : { »

advisory : RHSA-2023:3578 (string)

cpe : cpe:/a:redhat:rhel_e4s:8.2 (string)

package : firefox-0:102.12.0-1.el8_2 (string)

product_name : Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions (string)

release_date : 2023-06-14T00:00:00Z (string)

}

12 : { »

advisory : RHSA-2023:3596 (string)

cpe : cpe:/a:redhat:rhel_aus:8.4 (string)

package : thunderbird-0:102.12.0-1.el8_4 (string)

product_name : Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support (string)

release_date : 2023-06-14T00:00:00Z (string)

}

13 : { »

advisory : RHSA-2023:3597 (string)

cpe : cpe:/a:redhat:rhel_aus:8.4 (string)

package : firefox-0:102.12.0-1.el8_4 (string)

product_name : Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support (string)

release_date : 2023-06-14T00:00:00Z (string)

}

14 : { »

advisory : RHSA-2023:3596 (string)

cpe : cpe:/a:redhat:rhel_tus:8.4 (string)

package : thunderbird-0:102.12.0-1.el8_4 (string)

product_name : Red Hat Enterprise Linux 8.4 Telecommunications Update Service (string)

release_date : 2023-06-14T00:00:00Z (string)

}

15 : { »

advisory : RHSA-2023:3597 (string)

cpe : cpe:/a:redhat:rhel_tus:8.4 (string)

package : firefox-0:102.12.0-1.el8_4 (string)

product_name : Red Hat Enterprise Linux 8.4 Telecommunications Update Service (string)

release_date : 2023-06-14T00:00:00Z (string)

}

16 : { »

advisory : RHSA-2023:3596 (string)

cpe : cpe:/a:redhat:rhel_e4s:8.4 (string)

package : thunderbird-0:102.12.0-1.el8_4 (string)

product_name : Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions (string)

release_date : 2023-06-14T00:00:00Z (string)

}

17 : { »

advisory : RHSA-2023:3597 (string)

cpe : cpe:/a:redhat:rhel_e4s:8.4 (string)

package : firefox-0:102.12.0-1.el8_4 (string)

product_name : Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions (string)

release_date : 2023-06-14T00:00:00Z (string)

}

18 : { »

advisory : RHSA-2023:3560 (string)

cpe : cpe:/a:redhat:rhel_eus:8.6 (string)

package : firefox-0:102.12.0-1.el8_6 (string)

product_name : Red Hat Enterprise Linux 8.6 Extended Update Support (string)

release_date : 2023-06-13T00:00:00Z (string)

}

19 : { »

advisory : RHSA-2023:3566 (string)

cpe : cpe:/a:redhat:rhel_eus:8.6 (string)

package : thunderbird-0:102.12.0-1.el8_6 (string)

product_name : Red Hat Enterprise Linux 8.6 Extended Update Support (string)

release_date : 2023-06-13T00:00:00Z (string)

}

20 : { »

advisory : RHSA-2023:3587 (string)

cpe : cpe:/a:redhat:enterprise_linux:9 (string)

package : thunderbird-0:102.12.0-1.el9_2 (string)

product_name : Red Hat Enterprise Linux 9 (string)

release_date : 2023-06-14T00:00:00Z (string)

}

21 : { »

advisory : RHSA-2023:3589 (string)

cpe : cpe:/a:redhat:enterprise_linux:9 (string)

package : firefox-0:102.12.0-1.el9_2 (string)

product_name : Red Hat Enterprise Linux 9 (string)

release_date : 2023-06-14T00:00:00Z (string)

}

22 : { »

advisory : RHSA-2023:3562 (string)

cpe : cpe:/a:redhat:rhel_eus:9.0 (string)

package : firefox-0:102.12.0-1.el9_0 (string)

product_name : Red Hat Enterprise Linux 9.0 Extended Update Support (string)

release_date : 2023-06-13T00:00:00Z (string)

}

23 : { »

advisory : RHSA-2023:3567 (string)

cpe : cpe:/a:redhat:rhel_eus:9.0 (string)

package : thunderbird-0:102.12.0-1.el9_0 (string)

product_name : Red Hat Enterprise Linux 9.0 Extended Update Support (string)

release_date : 2023-06-13T00:00:00Z (string)

}

]

bugzilla : { »

description : Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12 (string)

id : 2212842 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2212842 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 9.8 (string)

cvss3_scoring_vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

status : verified (string)

}

cwe : CWE-120 (string)

details : [ »

0 : Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12. (string)

1 : The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers and community members Gabriele Svelto, Andrew McCreight, the Mozilla Fuzzing Team, Sean Feng, and Sebastian Hengst reported memory safety bugs present in Firefox 113 and Firefox ESR 102.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (string)

]

name : CVE-2023-34416 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Out of support scope (string)

package_name : firefox (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Out of support scope (string)

package_name : thunderbird (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

]

public_date : 2023-06-06T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2023-34416 https://nvd.nist.gov/vuln/detail/CVE-2023-34416 https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/#CVE-2023-34416 https://www.mozilla.org/en-US/security/advisories/mfsa2023-21/#CVE-2023-34416 (string)

]

statement : Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. (string)

threat_severity : Important (string)

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object