Vulnerability-Lookup

CVE-2023-25729 (GCVE-0-2023-25729)

Vulnerability from cvelistv5 – Published: 2023-06-02 00:00 – Updated: 2025-01-10 17:35

Summary

Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to open them without user interaction via <code>ExpandedPrincipals</code>. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Extensions could have opened external schemes without user knowledge

Assigner

mozilla

References

URL

Tags

	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://bugzilla.mozilla.org/show_bug.cgi?id=1792138

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Affected: unspecified , < 110 (custom)

	Mozilla	Thunderbird	Affected: unspecified , < 102.8 (custom)
	Mozilla	Firefox ESR	Affected: unspecified , < 102.8 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:32:12.249Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1792138"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-25729",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-10T17:35:34.667450Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-863",
                "description": "CWE-863 Incorrect Authorization",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-10T17:35:40.802Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1792138"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "110",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "102.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "102.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Permission prompts for opening external schemes were only shown for \u003ccode\u003eContentPrincipals\u003c/code\u003e resulting in extensions being able to open them without user interaction via \u003ccode\u003eExpandedPrincipals\u003c/code\u003e. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Extensions could have opened external schemes without user knowledge",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-02T00:00:00.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/"
        },
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1792138"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2023-25729",
    "datePublished": "2023-06-02T00:00:00.000Z",
    "dateReserved": "2023-02-13T00:00:00.000Z",
    "dateUpdated": "2025-01-10T17:35:40.802Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-06/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-05/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-07/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1792138\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T11:32:12.249Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-25729\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-10T17:35:34.667450Z\"}}}], \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1792138\", \"tags\": [\"exploit\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"CWE-863 Incorrect Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-10T17:34:06.457Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Mozilla\", \"product\": \"Firefox\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"110\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Mozilla\", \"product\": \"Thunderbird\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"102.8\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Mozilla\", \"product\": \"Firefox ESR\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"102.8\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-06/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-05/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-07/\"}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1792138\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Permission prompts for opening external schemes were only shown for \u003ccode\u003eContentPrincipals\u003c/code\u003e resulting in extensions being able to open them without user interaction via \u003ccode\u003eExpandedPrincipals\u003c/code\u003e. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Extensions could have opened external schemes without user knowledge\"}]}], \"providerMetadata\": {\"orgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"shortName\": \"mozilla\", \"dateUpdated\": \"2023-06-02T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-25729\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-10T17:35:40.802Z\", \"dateReserved\": \"2023-02-13T00:00:00.000Z\", \"assignerOrgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"datePublished\": \"2023-06-02T00:00:00.000Z\", \"assignerShortName\": \"mozilla\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

cve-2023-25729

Vulnerability from osv_almalinux

Published

2023-02-20 00:00

Modified

2023-02-21 17:34

Summary

Important: firefox security update

Details

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 102.8.0 ESR.

Security Fix(es):

Mozilla: Arbitrary memory write via PKCS 12 in NSS (CVE-2023-0767)
Mozilla: Content security policy leak in violation reports using iframes (CVE-2023-25728)
Mozilla: Screen hijack via browser fullscreen mode (CVE-2023-25730)
Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-25735)
Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry (CVE-2023-25737)
Mozilla: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext (CVE-2023-25739)
Mozilla: Fullscreen notification not shown in Firefox Focus (CVE-2023-25743)
Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8 (CVE-2023-25744)
Mozilla: Memory safety bugs fixed in Firefox ESR 102.8 (CVE-2023-25746)
Mozilla: Extensions could have opened external schemes without user knowledge (CVE-2023-25729)
Mozilla: Out of bounds memory write from EncodeInputStream (CVE-2023-25732)
Mozilla: Web Crypto ImportKey crashes tab (CVE-2023-25742)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "firefox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "102.8.0-2.el8_7.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.8.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Arbitrary memory write via PKCS 12 in NSS (CVE-2023-0767)\n* Mozilla: Content security policy leak in violation reports using iframes (CVE-2023-25728)\n* Mozilla: Screen hijack via browser fullscreen mode (CVE-2023-25730)\n* Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-25735)\n* Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry (CVE-2023-25737)\n* Mozilla: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext (CVE-2023-25739)\n* Mozilla: Fullscreen notification not shown in Firefox Focus (CVE-2023-25743)\n* Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8 (CVE-2023-25744)\n* Mozilla: Memory safety bugs fixed in Firefox ESR 102.8 (CVE-2023-25746)\n* Mozilla: Extensions could have opened external schemes without user knowledge (CVE-2023-25729)\n* Mozilla: Out of bounds memory write from EncodeInputStream (CVE-2023-25732)\n* Mozilla: Web Crypto ImportKey crashes tab (CVE-2023-25742)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2023:0808",
  "modified": "2023-02-21T17:34:13Z",
  "published": "2023-02-20T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2023:0808"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-0767"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25728"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25729"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25730"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25732"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25735"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25737"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25739"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25742"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25743"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25744"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25746"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170374"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170375"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170376"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170377"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170378"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170379"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170381"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170382"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170383"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170390"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170391"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170402"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2023-0808.html"
    }
  ],
  "related": [
    "CVE-2023-0767",
    "CVE-2023-25728",
    "CVE-2023-25730",
    "CVE-2023-25735",
    "CVE-2023-25737",
    "CVE-2023-25739",
    "CVE-2023-25743",
    "CVE-2023-25744",
    "CVE-2023-25746",
    "CVE-2023-25729",
    "CVE-2023-25732",
    "CVE-2023-25742"
  ],
  "summary": "Important: firefox security update"
}

cve-2023-25729

Vulnerability from osv_almalinux

Published

2023-02-20 00:00

Modified

2023-02-21 17:50

Summary

Important: thunderbird security update

Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.8.0.

Security Fix(es):

Mozilla: Arbitrary memory write via PKCS 12 in NSS (CVE-2023-0767)
Mozilla: Content security policy leak in violation reports using iframes (CVE-2023-25728)
Mozilla: Screen hijack via browser fullscreen mode (CVE-2023-25730)
Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-25735)
Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry (CVE-2023-25737)
Mozilla: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext (CVE-2023-25739)
Mozilla: Fullscreen notification not shown in Firefox Focus (CVE-2023-25743)
Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8 (CVE-2023-25744)
Mozilla: Memory safety bugs fixed in Firefox ESR 102.8 (CVE-2023-25746)
Mozilla: Extensions could have opened external schemes without user knowledge (CVE-2023-25729)
Mozilla: Out of bounds memory write from EncodeInputStream (CVE-2023-25732)
Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP (CVE-2023-0616)
Mozilla: Web Crypto ImportKey crashes tab (CVE-2023-25742)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "thunderbird"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "102.8.0-2.el9_1.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.8.0.\n\nSecurity Fix(es):\n\n* Mozilla: Arbitrary memory write via PKCS 12 in NSS (CVE-2023-0767)\n* Mozilla: Content security policy leak in violation reports using iframes (CVE-2023-25728)\n* Mozilla: Screen hijack via browser fullscreen mode (CVE-2023-25730)\n* Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-25735)\n* Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry (CVE-2023-25737)\n* Mozilla: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext (CVE-2023-25739)\n* Mozilla: Fullscreen notification not shown in Firefox Focus (CVE-2023-25743)\n* Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8 (CVE-2023-25744)\n* Mozilla: Memory safety bugs fixed in Firefox ESR 102.8 (CVE-2023-25746)\n* Mozilla: Extensions could have opened external schemes without user knowledge (CVE-2023-25729)\n* Mozilla: Out of bounds memory write from EncodeInputStream (CVE-2023-25732)\n* Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP (CVE-2023-0616)\n* Mozilla: Web Crypto ImportKey crashes tab (CVE-2023-25742)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2023:0824",
  "modified": "2023-02-21T17:50:38Z",
  "published": "2023-02-20T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2023:0824"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-0616"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-0767"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25728"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25729"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25730"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25732"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25735"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25737"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25739"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25742"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25743"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25744"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25746"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170374"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170375"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170376"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170377"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170378"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170379"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170381"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170382"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170383"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170390"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170391"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170402"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2171397"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2023-0824.html"
    }
  ],
  "related": [
    "CVE-2023-0767",
    "CVE-2023-25728",
    "CVE-2023-25730",
    "CVE-2023-25735",
    "CVE-2023-25737",
    "CVE-2023-25739",
    "CVE-2023-25743",
    "CVE-2023-25744",
    "CVE-2023-25746",
    "CVE-2023-25729",
    "CVE-2023-25732",
    "CVE-2023-0616",
    "CVE-2023-25742"
  ],
  "summary": "Important: thunderbird security update"
}

cve-2023-25729

Vulnerability from osv_almalinux

Published

2023-02-20 00:00

Modified

2023-02-21 17:40

Summary

Important: firefox security update

Details

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 102.8.0 ESR.

Security Fix(es):

Mozilla: Arbitrary memory write via PKCS 12 in NSS (CVE-2023-0767)
Mozilla: Content security policy leak in violation reports using iframes (CVE-2023-25728)
Mozilla: Screen hijack via browser fullscreen mode (CVE-2023-25730)
Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-25735)
Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry (CVE-2023-25737)
Mozilla: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext (CVE-2023-25739)
Mozilla: Fullscreen notification not shown in Firefox Focus (CVE-2023-25743)
Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8 (CVE-2023-25744)
Mozilla: Memory safety bugs fixed in Firefox ESR 102.8 (CVE-2023-25746)
Mozilla: Extensions could have opened external schemes without user knowledge (CVE-2023-25729)
Mozilla: Out of bounds memory write from EncodeInputStream (CVE-2023-25732)
Mozilla: Web Crypto ImportKey crashes tab (CVE-2023-25742)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "firefox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "102.8.0-2.el9_1.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "firefox-x11"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "102.8.0-2.el9_1.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.8.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Arbitrary memory write via PKCS 12 in NSS (CVE-2023-0767)\n* Mozilla: Content security policy leak in violation reports using iframes (CVE-2023-25728)\n* Mozilla: Screen hijack via browser fullscreen mode (CVE-2023-25730)\n* Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-25735)\n* Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry (CVE-2023-25737)\n* Mozilla: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext (CVE-2023-25739)\n* Mozilla: Fullscreen notification not shown in Firefox Focus (CVE-2023-25743)\n* Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8 (CVE-2023-25744)\n* Mozilla: Memory safety bugs fixed in Firefox ESR 102.8 (CVE-2023-25746)\n* Mozilla: Extensions could have opened external schemes without user knowledge (CVE-2023-25729)\n* Mozilla: Out of bounds memory write from EncodeInputStream (CVE-2023-25732)\n* Mozilla: Web Crypto ImportKey crashes tab (CVE-2023-25742)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2023:0810",
  "modified": "2023-02-21T17:40:39Z",
  "published": "2023-02-20T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2023:0810"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-0767"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25728"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25729"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25730"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25732"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25735"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25737"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25739"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25742"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25743"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25744"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25746"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170374"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170375"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170376"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170377"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170378"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170379"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170381"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170382"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170383"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170390"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170391"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170402"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2023-0810.html"
    }
  ],
  "related": [
    "CVE-2023-0767",
    "CVE-2023-25728",
    "CVE-2023-25730",
    "CVE-2023-25735",
    "CVE-2023-25737",
    "CVE-2023-25739",
    "CVE-2023-25743",
    "CVE-2023-25744",
    "CVE-2023-25746",
    "CVE-2023-25729",
    "CVE-2023-25732",
    "CVE-2023-25742"
  ],
  "summary": "Important: firefox security update"
}

cve-2023-25729

Vulnerability from osv_almalinux

Published

2023-02-20 00:00

Modified

2023-02-21 17:44

Summary

Important: thunderbird security update

Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.8.0.

Security Fix(es):

Mozilla: Arbitrary memory write via PKCS 12 in NSS (CVE-2023-0767)
Mozilla: Content security policy leak in violation reports using iframes (CVE-2023-25728)
Mozilla: Screen hijack via browser fullscreen mode (CVE-2023-25730)
Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-25735)
Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry (CVE-2023-25737)
Mozilla: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext (CVE-2023-25739)
Mozilla: Fullscreen notification not shown in Firefox Focus (CVE-2023-25743)
Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8 (CVE-2023-25744)
Mozilla: Memory safety bugs fixed in Firefox ESR 102.8 (CVE-2023-25746)
Mozilla: Extensions could have opened external schemes without user knowledge (CVE-2023-25729)
Mozilla: Out of bounds memory write from EncodeInputStream (CVE-2023-25732)
Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP (CVE-2023-0616)
Mozilla: Web Crypto ImportKey crashes tab (CVE-2023-25742)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "thunderbird"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "102.8.0-2.el8_7.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.8.0.\n\nSecurity Fix(es):\n\n* Mozilla: Arbitrary memory write via PKCS 12 in NSS (CVE-2023-0767)\n* Mozilla: Content security policy leak in violation reports using iframes (CVE-2023-25728)\n* Mozilla: Screen hijack via browser fullscreen mode (CVE-2023-25730)\n* Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-25735)\n* Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry (CVE-2023-25737)\n* Mozilla: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext (CVE-2023-25739)\n* Mozilla: Fullscreen notification not shown in Firefox Focus (CVE-2023-25743)\n* Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8 (CVE-2023-25744)\n* Mozilla: Memory safety bugs fixed in Firefox ESR 102.8 (CVE-2023-25746)\n* Mozilla: Extensions could have opened external schemes without user knowledge (CVE-2023-25729)\n* Mozilla: Out of bounds memory write from EncodeInputStream (CVE-2023-25732)\n* Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP (CVE-2023-0616)\n* Mozilla: Web Crypto ImportKey crashes tab (CVE-2023-25742)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2023:0821",
  "modified": "2023-02-21T17:44:48Z",
  "published": "2023-02-20T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2023:0821"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-0616"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-0767"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25728"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25729"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25730"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25732"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25735"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25737"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25739"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25742"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25743"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25744"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25746"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170374"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170375"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170376"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170377"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170378"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170379"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170381"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170382"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170383"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170390"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170391"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2170402"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2171397"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2023-0821.html"
    }
  ],
  "related": [
    "CVE-2023-0767",
    "CVE-2023-25728",
    "CVE-2023-25730",
    "CVE-2023-25735",
    "CVE-2023-25737",
    "CVE-2023-25739",
    "CVE-2023-25743",
    "CVE-2023-25744",
    "CVE-2023-25746",
    "CVE-2023-25729",
    "CVE-2023-25732",
    "CVE-2023-0616",
    "CVE-2023-25742"
  ],
  "summary": "Important: thunderbird security update"
}

GHSA-VHJV-4VF6-MC9X

Vulnerability from github – Published: 2023-06-02 18:30 – Updated: 2024-04-04 04:29

Details

Permission prompts for opening external schemes were only shown for ContentPrincipals resulting in extensions being able to open them without user interaction via ExpandedPrincipals. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-25729"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-02T17:15:11Z",
    "severity": "HIGH"
  },
  "details": "Permission prompts for opening external schemes were only shown for \u003ccode\u003eContentPrincipals\u003c/code\u003e resulting in extensions being able to open them without user interaction via \u003ccode\u003eExpandedPrincipals\u003c/code\u003e. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8.",
  "id": "GHSA-vhjv-4vf6-mc9x",
  "modified": "2024-04-04T04:29:54Z",
  "published": "2023-06-02T18:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25729"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1792138"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-05"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-06"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-07"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2023-25729

Vulnerability from fkie_nvd - Published: 2023-06-02 17:15 - Updated: 2025-01-10 18:15

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1792138	Issue Tracking, Permissions Required
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2023-05/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2023-06/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2023-07/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=1792138	Issue Tracking, Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2023-05/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2023-06/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2023-07/	Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://bugzilla.mozilla.org/show_bug.cgi?id=1792138	Issue Tracking, Permissions Required

Impacted products

Vendor	Product	Version
mozilla	firefox	*
mozilla	firefox_esr	*
mozilla	thunderbird	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "811EBB2F-0FAA-49DB-8B16-99341814C3D1",
              "versionEndExcluding": "110.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "731649BC-CBBC-4423-93E1-577EF7A17DBD",
              "versionEndExcluding": "102.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7ED1B02-7653-4441-B4F4-980A86C4F170",
              "versionEndExcluding": "102.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Permission prompts for opening external schemes were only shown for \u003ccode\u003eContentPrincipals\u003c/code\u003e resulting in extensions being able to open them without user interaction via \u003ccode\u003eExpandedPrincipals\u003c/code\u003e. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8."
    }
  ],
  "id": "CVE-2023-25729",
  "lastModified": "2025-01-10T18:15:17.783",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-06-02T17:15:11.050",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Permissions Required"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1792138"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Permissions Required"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1792138"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Issue Tracking",
        "Permissions Required"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1792138"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CERTFR-2023-AVI-0124

Vulnerability from certfr_avis - Published: 2023-02-15 - Updated: 2023-02-15

De multiples vulnérabilités ont été corrigées dans Mozilla Firefox. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une exécution de code arbitraire à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox	Firefox versions antérieures à 110
	Mozilla	Firefox	Firefox ESR versions antérieures à 102.8

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2023-05 du 14 février 2023	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2023-06 du 14 février 2023	None	vendor-advisory
Bulletin de sécurité Mozilla du 14 février 2023	-	other
Bulletin de sécurité Mozilla du 14 février 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 110",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 102.8",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-25730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25730"
    },
    {
      "name": "CVE-2023-25728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25728"
    },
    {
      "name": "CVE-2023-25735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25735"
    },
    {
      "name": "CVE-2023-25739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25739"
    },
    {
      "name": "CVE-2023-25729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25729"
    },
    {
      "name": "CVE-2023-25731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25731"
    },
    {
      "name": "CVE-2023-25744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25744"
    },
    {
      "name": "CVE-2023-25732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25732"
    },
    {
      "name": "CVE-2023-25740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25740"
    },
    {
      "name": "CVE-2023-0767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
    },
    {
      "name": "CVE-2023-25733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25733"
    },
    {
      "name": "CVE-2023-25742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25742"
    },
    {
      "name": "CVE-2023-25737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25737"
    },
    {
      "name": "CVE-2023-25734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25734"
    },
    {
      "name": "CVE-2023-25745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25745"
    },
    {
      "name": "CVE-2023-25736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25736"
    },
    {
      "name": "CVE-2023-25741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25741"
    },
    {
      "name": "CVE-2023-25746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25746"
    },
    {
      "name": "CVE-2023-25738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25738"
    },
    {
      "name": "CVE-2023-25743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25743"
    }
  ],
  "initial_release_date": "2023-02-15T00:00:00",
  "last_revision_date": "2023-02-15T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla du 14 f\u00e9vrier 2023",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla du 14 f\u00e9vrier 2023",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/"
    }
  ],
  "reference": "CERTFR-2023-AVI-0124",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-02-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans\u003cspan\nclass=\"textit\"\u003e\u00a0Mozilla\u00a0Firefox\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une\nex\u00e9cution de code arbitraire \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2023-05 du 14 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2023-06 du 14 f\u00e9vrier 2023",
      "url": null
    }
  ]
}

CERTFR-2023-AVI-0139

Vulnerability from certfr_avis - Published: 2023-02-16 - Updated: 2023-02-16

De multiples vulnérabilités ont été corrigées dans Mozilla Thunderbird. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données, une exécution de code arbitraire à distance, un contournement de la politique de sécurité et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Thunderbird	Mozilla Thunderbird versions antérieures à 102.8

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2023-07 du 15 février 2023	None	vendor-advisory
Bulletin de sécurité Mozilla du 15 février 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mozilla Thunderbird versions ant\u00e9rieures \u00e0 102.8",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-25730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25730"
    },
    {
      "name": "CVE-2023-25728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25728"
    },
    {
      "name": "CVE-2023-25735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25735"
    },
    {
      "name": "CVE-2023-0616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0616"
    },
    {
      "name": "CVE-2023-25739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25739"
    },
    {
      "name": "CVE-2023-25729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25729"
    },
    {
      "name": "CVE-2023-25732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25732"
    },
    {
      "name": "CVE-2023-0767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
    },
    {
      "name": "CVE-2023-25742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25742"
    },
    {
      "name": "CVE-2023-25737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25737"
    },
    {
      "name": "CVE-2023-25734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25734"
    },
    {
      "name": "CVE-2023-25746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25746"
    },
    {
      "name": "CVE-2023-25738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25738"
    }
  ],
  "initial_release_date": "2023-02-16T00:00:00",
  "last_revision_date": "2023-02-16T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla du 15 f\u00e9vrier 2023",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/"
    }
  ],
  "reference": "CERTFR-2023-AVI-0139",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-02-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMozilla Thunderbird\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Thunderbird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2023-07 du 15 f\u00e9vrier 2023",
      "url": null
    }
  ]
}

GSD-2023-25729

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-25729

Aliases

CVE-2023-25729

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-25729",
    "id": "GSD-2023-25729",
    "references": [
      "https://www.debian.org/security/2023/dsa-5350",
      "https://www.debian.org/security/2023/dsa-5355",
      "https://advisories.mageia.org/CVE-2023-25729.html",
      "https://access.redhat.com/errata/RHSA-2023:0805",
      "https://access.redhat.com/errata/RHSA-2023:0806",
      "https://access.redhat.com/errata/RHSA-2023:0807",
      "https://access.redhat.com/errata/RHSA-2023:0808",
      "https://access.redhat.com/errata/RHSA-2023:0809",
      "https://access.redhat.com/errata/RHSA-2023:0810",
      "https://access.redhat.com/errata/RHSA-2023:0811",
      "https://access.redhat.com/errata/RHSA-2023:0812",
      "https://access.redhat.com/errata/RHSA-2023:0817",
      "https://access.redhat.com/errata/RHSA-2023:0818",
      "https://access.redhat.com/errata/RHSA-2023:0819",
      "https://access.redhat.com/errata/RHSA-2023:0820",
      "https://access.redhat.com/errata/RHSA-2023:0821",
      "https://access.redhat.com/errata/RHSA-2023:0822",
      "https://access.redhat.com/errata/RHSA-2023:0823",
      "https://access.redhat.com/errata/RHSA-2023:0824",
      "https://www.suse.com/security/cve/CVE-2023-25729.html",
      "https://ubuntu.com/security/CVE-2023-25729"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-25729"
      ],
      "details": "Permission prompts for opening external schemes were only shown for \u003ccode\u003eContentPrincipals\u003c/code\u003e resulting in extensions being able to open them without user interaction via \u003ccode\u003eExpandedPrincipals\u003c/code\u003e. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8.",
      "id": "GSD-2023-25729",
      "modified": "2023-12-13T01:20:40.579254Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2023-25729",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Firefox",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "110"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Thunderbird",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "102.8"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Firefox ESR",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "102.8"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mozilla"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Permission prompts for opening external schemes were only shown for \u003ccode\u003eContentPrincipals\u003c/code\u003e resulting in extensions being able to open them without user interaction via \u003ccode\u003eExpandedPrincipals\u003c/code\u003e. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Extensions could have opened external schemes without user knowledge"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2023-06/",
            "refsource": "MISC",
            "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2023-05/",
            "refsource": "MISC",
            "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2023-07/",
            "refsource": "MISC",
            "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/"
          },
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1792138",
            "refsource": "MISC",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1792138"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "102.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "102.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "110.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2023-25729"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Permission prompts for opening external schemes were only shown for \u003ccode\u003eContentPrincipals\u003c/code\u003e resulting in extensions being able to open them without user interaction via \u003ccode\u003eExpandedPrincipals\u003c/code\u003e. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1792138",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Permissions Required"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1792138"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2023-05/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2023-07/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2023-06/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-06-08T14:03Z",
      "publishedDate": "2023-06-02T17:15Z"
    }
  }
}

CVE-2023-25729

Vulnerability from fstec - Published: 15.02.2023

Title

Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR, почтового клиента Mozilla Thunderbird, связанная с неправильной нейтрализаций закодированных схем URI на веб-странице, позволяющая нарушителю загрузить файлы или взаимодействовать с программным обеспечением, уже установленным в системе

Description

Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR, почтового клиента Mozilla Thunderbird связана с неправильной нейтрализаций закодированных схем URI на веб-странице. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, загрузить файлы или взаимодействовать с программным обеспечением, уже установленным в системе

Severity ?


                    
                      AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor

Red Hat Inc., ООО «РусБИТех-Астра», Сообщество свободного программного обеспечения, ООО «Ред Софт», АО «ИВК», Mozilla Corp., АО "НППКТ"

Software Name

Red Hat Enterprise Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), Альт 8 СП (запись в едином реестре российских программ №4305), Thunderbird, Firefox, Firefox ESR, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)

Software Version

7 (Red Hat Enterprise Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 8.1 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.4 Extended Update Support (Red Hat Enterprise Linux), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), - (Альт 8 СП), 9 (Red Hat Enterprise Linux), 4.7 (Astra Linux Special Edition), 8.2 Telecommunications Update Service (Red Hat Enterprise Linux), 8.2 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.6 Extended Update Support (Red Hat Enterprise Linux), 9.0 Extended Update Support (Red Hat Enterprise Linux), 8.2 Advanced Update Support (Red Hat Enterprise Linux), до 102.8 (Thunderbird), до 110 (Firefox), до 102.8 (Firefox ESR), до 2.8 (ОСОН ОСнова Оnyx)

Possible Mitigations

Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Для программных продуктов Mozilla Corp.: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/ Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2023-25729 Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/CVE-2023-25729 Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства Для ОСОН ОСнова Оnyx: Обновление программного обеспечения firefox-esr до версии 102.13.0esr+repack-1~deb10u1.osnova1 Обновление программного обеспечения thunderbird до версии 1:102.13.1+repack-1~deb10u1.osnova1 Для Astra Linux Special Edition 4.7: - обновить пакет firefox до 111.0.1+build2-0ubuntu0.18.04.1+ci202304041739+astra12 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-0416SE47 - обновить пакет thunderbird до 1:115.3.1+build1-0ubuntu1+ci202310041156+astra2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-0416SE47 Для ОС Astra Linux: - обновить пакет firefox до 111.0.1+build2-0ubuntu0.18.04.1+ci202304041739+astra12 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17 - обновить пакет thunderbird до 1:102.8.0+build2-0ubuntu1astra1+ci202302211317+astra1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17 Для ОС Astra Linux 1.6 «Смоленск»: - обновить пакет thunderbird до 1:115.5.0+build1-0ubuntu1+ci202311280951+astra2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16 - обновить пакет firefox до 120.0+build2-0ubuntu0.20.04.1+ci202311281348+astra13 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16

Reference

https://redos.red-soft.ru/support/secure/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/ https://security-tracker.debian.org/tracker/CVE-2023-25729 https://access.redhat.com/security/cve/CVE-2023-25729 https://altsp.su/obnovleniya-bezopasnosti/ https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.8/ https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-0416SE47 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16

CWE

CWE-84

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, Mozilla Corp., \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7 (Red Hat Enterprise Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 8.1 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.4 Extended Update Support (Red Hat Enterprise Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), 9 (Red Hat Enterprise Linux), 4.7 (Astra Linux Special Edition), 8.2 Telecommunications Update Service (Red Hat Enterprise Linux), 8.2 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.6 Extended Update Support (Red Hat Enterprise Linux), 9.0 Extended Update Support (Red Hat Enterprise Linux), 8.2 Advanced Update Support (Red Hat Enterprise Linux), \u0434\u043e 102.8 (Thunderbird), \u0434\u043e 110 (Firefox), \u0434\u043e 102.8 (Firefox ESR), \u0434\u043e 2.8 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Mozilla Corp.:\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-05/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-06/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-07/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2023-25729\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2023-25729\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f firefox-esr \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 102.13.0esr+repack-1~deb10u1.osnova1\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f thunderbird \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:102.13.1+repack-1~deb10u1.osnova1\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7:\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 firefox \u0434\u043e 111.0.1+build2-0ubuntu0.18.04.1+ci202304041739+astra12 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-0416SE47\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 thunderbird \u0434\u043e 1:115.3.1+build1-0ubuntu1+ci202310041156+astra2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-0416SE47\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 firefox \u0434\u043e 111.0.1+build2-0ubuntu0.18.04.1+ci202304041739+astra12 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 thunderbird \u0434\u043e 1:102.8.0+build2-0ubuntu1astra1+ci202302211317+astra1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb:\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 thunderbird \u0434\u043e 1:115.5.0+build1-0ubuntu1+ci202311280951+astra2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 firefox \u0434\u043e 120.0+build2-0ubuntu0.20.04.1+ci202311281348+astra13 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "15.02.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "30.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "17.03.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-01271",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-25729",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), Thunderbird, Firefox, Firefox ESR, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 7 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , Red Hat Inc. Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions , Red Hat Inc. Red Hat Enterprise Linux 8.4 Extended Update Support , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f -  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), Red Hat Inc. Red Hat Enterprise Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 8.2 Telecommunications Update Service , Red Hat Inc. Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions , Red Hat Inc. Red Hat Enterprise Linux 8.6 Extended Update Support , Red Hat Inc. Red Hat Enterprise Linux 9.0 Extended Update Support , Red Hat Inc. Red Hat Enterprise Linux 8.2 Advanced Update Support , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.8  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Mozilla Firefox, Mozilla Firefox ESR, \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Mozilla Thunderbird, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0439 \u0437\u0430\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0441\u0445\u0435\u043c URI \u043d\u0430 \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0437\u0430\u0433\u0440\u0443\u0437\u0438\u0442\u044c \u0444\u0430\u0439\u043b\u044b \u0438\u043b\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c \u0441 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u043c \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0435\u043c, \u0443\u0436\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u043c \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0441\u0445\u0435\u043c URI \u043d\u0430 \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435 (CWE-84)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Mozilla Firefox, Mozilla Firefox ESR, \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Mozilla Thunderbird \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0439 \u0437\u0430\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0441\u0445\u0435\u043c URI \u043d\u0430 \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0437\u0430\u0433\u0440\u0443\u0437\u0438\u0442\u044c \u0444\u0430\u0439\u043b\u044b \u0438\u043b\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c \u0441 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u043c \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0435\u043c, \u0443\u0436\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u043c \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://redos.red-soft.ru/support/secure/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-05/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-06/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-07/\nhttps://security-tracker.debian.org/tracker/CVE-2023-25729\nhttps://access.redhat.com/security/cve/CVE-2023-25729\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.8/\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-0416SE47\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-84",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,6)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-25729 (GCVE-0-2023-25729)

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Solution

Solution

Tags

Sightings

Nomenclature