CVE-2023-6864

CVE Database · CVE-2023-6864

CVE-2023-6864

· HIGHModified

CVSS v3.1

8.8

EPSS

1.19%

Published

Dec 19, 2023

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-787

Affected Products (6)

mozilla · firefox (up to 121.0)vulnerable

mozilla · firefox_esr (up to 115.6)vulnerable

mozilla · thunderbird (up to 115.6)vulnerable

debian · debian_linuxvulnerable

References (18)

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1736385%2C1810805%2C1846328%2C1856090%2C1858033%2C1858509%2C1862089%2C1862777%2C1864015

Broken LinkIssue Tracking