CVE-2023-4585
Description
Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
Description Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2 Red Hat statement Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. CVSS v3: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linuxβ¦
Description
Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2
Red Hat statement
Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
CVSS v3: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 7 | thunderbird-0:102.15.0-1.el7_9 | RHSA-2023:4945 | 2023-09-04T00:00:00Z |
| Red Hat Enterprise Linux 7 | firefox-0:102.15.0-1.el7_9 | RHSA-2023:5019 | 2023-09-07T00:00:00Z |
| Red Hat Enterprise Linux 8 | firefox-0:102.15.0-1.el8_8 | RHSA-2023:4952 | 2023-09-04T00:00:00Z |
| Red Hat Enterprise Linux 8 | thunderbird-0:102.15.0-1.el8_8 | RHSA-2023:4954 | 2023-09-04T00:00:00Z |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | thunderbird-0:102.15.0-1.el8_1 | RHSA-2023:4948 | 2023-09-04T00:00:00Z |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | firefox-0:102.15.0-1.el8_1 | RHSA-2023:4949 | 2023-09-04T00:00:00Z |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | thunderbird-0:102.15.0-1.el8_2 | RHSA-2023:4946 | 2023-09-04T00:00:00Z |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | firefox-0:102.15.0-1.el8_2 | RHSA-2023:4951 | 2023-09-04T00:00:00Z |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | thunderbird-0:102.15.0-1.el8_2 | RHSA-2023:4946 | 2023-09-04T00:00:00Z |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | firefox-0:102.15.0-1.el8_2 | RHSA-2023:4951 | 2023-09-04T00:00:00Z |
| Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | thunderbird-0:102.15.0-1.el8_2 | RHSA-2023:4946 | 2023-09-04T00:00:00Z |
| Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | firefox-0:102.15.0-1.el8_2 | RHSA-2023:4951 | 2023-09-04T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | thunderbird-0:102.15.0-1.el8_4 | RHSA-2023:4956 | 2023-09-04T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | firefox-0:102.15.0-1.el8_4 | RHSA-2023:4957 | 2023-09-04T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | thunderbird-0:102.15.0-1.el8_4 | RHSA-2023:4956 | 2023-09-04T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | firefox-0:102.15.0-1.el8_4 | RHSA-2023:4957 | 2023-09-04T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | thunderbird-0:102.15.0-1.el8_4 | RHSA-2023:4956 | 2023-09-04T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | firefox-0:102.15.0-1.el8_4 | RHSA-2023:4957 | 2023-09-04T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Extended Update Support | firefox-0:102.15.0-1.el8_6 | RHSA-2023:4959 | 2023-09-04T00:00:00Z |
| Red Hat Enterprise Linux 9 | thunderbird-0:102.15.0-1.el9_2 | RHSA-2023:4955 | 2023-09-04T00:00:00Z |
| Red Hat Enterprise Linux 9 | firefox-0:102.15.0-1.el9_2 | RHSA-2023:4958 | 2023-09-04T00:00:00Z |
| Red Hat Enterprise Linux 9.0 Extended Update Support | thunderbird-0:102.15.0-1.el9_0 | RHSA-2023:4947 | 2023-09-04T00:00:00Z |
| Red Hat Enterprise Linux 9.0 Extended Update Support | firefox-0:102.15.0-1.el9_0 | RHSA-2023:4950 | 2023-09-04T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | firefox | Out of support scope |
| Red Hat Enterprise Linux 6 | thunderbird | Out of support scope |
Apply commands
yum update -y thunderbird
# or:
dnf upgrade -y thunderbirdOS impact
AlmaLinux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | thunderbird-102.15.0-1.el9_2.alma.x86_64.rpm |
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 115.2.0esr-1 |
| sid | Fixed | 117.0-1 |
| forky | Fixed | 115.2.0esr-1 |
| bullseye | Fixed | 0 |
| bookworm | Fixed | 0 |
Red Hat Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | β |
| 8 | Fixed | β |
Rocky Linux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 8 | Fixed | β |
References
- https://access.redhat.com/errata/RHSA-2023:4955
- https://access.redhat.com/errata/RHSA-2023:4958
- https://bugzilla.redhat.com/2236071
- https://bugzilla.redhat.com/2236072
- https://bugzilla.redhat.com/2236073
- https://bugzilla.redhat.com/2236075
- https://bugzilla.redhat.com/2236076
- https://bugzilla.redhat.com/2236077
- https://bugzilla.redhat.com/2236078
- https://bugzilla.redhat.com/2236079
- https://bugzilla.redhat.com/2236080
- https://bugzilla.redhat.com/2236082
- https://bugzilla.redhat.com/2236084
- https://bugzilla.redhat.com/2236086
- https://errata.almalinux.org/9/ALSA-2023-4955.html
- https://errata.rockylinux.org/RLSA-2023:4952
- https://errata.rockylinux.org/RLSA-2023:4954
- https://security-tracker.debian.org/tracker/CVE-2023-4585
- https://errata.almalinux.org/9/ALSA-2023-4958.html
- https://access.redhat.com/errata/RHSA-2023:4952
- https://errata.almalinux.org/8/ALSA-2023-4952.html
- https://access.redhat.com/errata/RHSA-2023:4954
- https://errata.almalinux.org/8/ALSA-2023-4954.html
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.