Описание
It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| firefox | fixed | 120.0-1 | package | |
| firefox-esr | fixed | 115.5.0esr-1 | package | |
| thunderbird | fixed | 1:115.5.0-1 | package |
Примечания
https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6205
https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6205
https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6205
Связанные уязвимости
It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox < 115.5, and Thunderbird < 115.5.0.
Уязвимость функции MessagePort::Entangled() браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании или оказать иное воздействие