Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-4055

Published: 01/08/2023 Updated: 09/08/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Mozilla

Vulnerability Summary

Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4045) In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4046) A bug in popup notifications delay calculation could have made it possible for an malicious user to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4047) An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4048) Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4049) In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4050) When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4055) Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4056)

Vulnerable Product Search on Vulmon Subscribe to Product

mozilla firefox

mozilla firefox esr

debian debian linux 11.0

debian debian linux 12.0

Vendor Advisories

Debian Security Advisories: DSA-5469-1 thunderbird -- security update
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code For the oldstable distribution (bullseye), these problems have been fixed in version 1:102140-1~deb11u1 For the stable distribution (bookworm), these problems have been fixed in version 1:102140-1~deb12u1 We rec ...
Debian Security Advisories: DSA-5464-1 firefox-esr -- security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, bypass of the same-origin policy, spoofing or sandbox bypass For the oldstable distribution (bullseye), these problems have been fixed in version 102140esr-1~deb11u1 For the stable distribution (bookwor ...
Amazon Linux 2: ALASFIREFOX-2023-002
Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy This vulnerability affects Firefox < 116, Firefox ESR < 10214, and Firefox ESR < 1151 (CVE-2023-4045) In some circumstances, a stale value could have been used for a global ...
Red Hat: Important: firefox security update
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 86 Extended Update SupportRed Hat Product Security has rate ...
Red Hat: Important: firefox security update
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 90 Extended Update SupportRed Hat Product Security has rate ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for thunderbird is now available for Red Hat Enterprise Linux 84 Advanced Mission Critical Update Support, Red Hat ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for thunderbird is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as h ...
Red Hat: Important: firefox security update
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 81 Update Services for SAP SolutionsRed Hat Product Securit ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for thunderbird is now available for Red Hat Enterprise Linux 82 Advanced Update Support, Red Hat Enterprise Linux ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for thunderbird is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as h ...
Red Hat: Important: firefox security update
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as having a ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for thunderbird is now available for Red Hat Enterprise Linux 90 Extended Update SupportRed Hat Product Security ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for thunderbird is now available for Red Hat Enterprise Linux 81 Update Services for SAP SolutionsRed Hat Product ...
Red Hat: Important: firefox security update
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for thunderbird is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as h ...
Red Hat: Important: firefox security update
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 84 Advanced Mission Critical Update Support, Red Hat Enterpr ...
Red Hat: Important: firefox security update
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a ...
Red Hat: Important: firefox security update
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 82 Advanced Update Support, Red Hat Enterprise Linux 82 Tel ...
Red Hat:
Description<!---->The Mozilla Foundation Security Advisory describes this flaw as: When the number of cookies per domain was exceeded in `documentcookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state This could have caused requests to be sent with some cookies missingThe Mozilla Foundation Secur ...
Mozilla: Security Vulnerabilities fixed in Thunderbird 102.14
Mozilla Foundation Security Advisory 2023-32 Security Vulnerabilities fixed in Thunderbird 10214 Announced August 2, 2023 Impact high Products Thunderbird Fixed in Thunderbird 10214 ...
Mozilla: Security Vulnerabilities fixed in Thunderbird 115.1
Mozilla Foundation Security Advisory 2023-33 Security Vulnerabilities fixed in Thunderbird 1151 Announced August 2, 2023 Impact high Products Thunderbird Fixed in Thunderbird 1151 ...

References

NVD-CWE-noinfohttps://www.mozilla.org/security/advisories/mfsa2023-30/https://www.mozilla.org/security/advisories/mfsa2023-31/https://bugzilla.mozilla.org/show_bug.cgi?id=1782561https://www.mozilla.org/security/advisories/mfsa2023-29/https://www.debian.org/security/2023/dsa-5464https://www.debian.org/security/2023/dsa-5469https://lists.debian.org/debian-lts-announce/2023/08/msg00008.htmlhttps://lists.debian.org/debian-lts-announce/2023/08/msg00010.htmlhttps://nvd.nist.govhttps://www.debian.org/security/2023/dsa-5469https://alas.aws.amazon.com/AL2/ALASFIREFOX-2023-002.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook