CVE-2023-32215
First published: Tue May 09 2023(Updated: )
Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Credit: security@mozilla.org security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/firefox | <0:102.11.0-2.el7_9 | 0:102.11.0-2.el7_9 |
| redhat/thunderbird | <0:102.11.0-1.el7_9 | 0:102.11.0-1.el7_9 |
| redhat/firefox | <0:102.11.0-2.el8_7 | 0:102.11.0-2.el8_7 |
| redhat/thunderbird | <0:102.11.0-1.el8_7 | 0:102.11.0-1.el8_7 |
| redhat/firefox | <0:102.11.0-2.el8_1 | 0:102.11.0-2.el8_1 |
| redhat/thunderbird | <0:102.11.0-1.el8_1 | 0:102.11.0-1.el8_1 |
| redhat/firefox | <0:102.11.0-2.el8_2 | 0:102.11.0-2.el8_2 |
| redhat/thunderbird | <0:102.11.0-1.el8_2 | 0:102.11.0-1.el8_2 |
| redhat/firefox | <0:102.11.0-2.el8_4 | 0:102.11.0-2.el8_4 |
| redhat/thunderbird | <0:102.11.0-1.el8_4 | 0:102.11.0-1.el8_4 |
| redhat/firefox | <0:102.11.0-2.el8_6 | 0:102.11.0-2.el8_6 |
| redhat/thunderbird | <0:102.11.0-1.el8_6 | 0:102.11.0-1.el8_6 |
| redhat/firefox | <0:102.11.0-2.el9_2 | 0:102.11.0-2.el9_2 |
| redhat/thunderbird | <0:102.11.0-1.el9_2 | 0:102.11.0-1.el9_2 |
| redhat/firefox | <0:102.11.0-2.el9_0 | 0:102.11.0-2.el9_0 |
| redhat/thunderbird | <0:102.11.0-1.el9_0 | 0:102.11.0-1.el9_0 |
| Mozilla Thunderbird | <102.11 | 102.11 |
| Mozilla Firefox ESR | <102.11 | 102.11 |
| redhat/firefox | <102.11 | 102.11 |
| redhat/thunderbird | <102.11 | 102.11 |
| Mozilla Firefox | <113 | 113 |
| Mozilla Firefox | <113.0 | |
| Mozilla Firefox ESR | <102.11 | |
| Mozilla Thunderbird | <102.11 | |
| ubuntu/firefox | <113.0+ | 113.0+ |
| ubuntu/firefox | <113.0+ | 113.0+ |
| ubuntu/mozjs102 | <102.11.0-0ubuntu0.22.04.1 | 102.11.0-0ubuntu0.22.04.1 |
| ubuntu/mozjs102 | <102.11.0-0ubuntu0.22.10.1 | 102.11.0-0ubuntu0.22.10.1 |
| ubuntu/mozjs102 | <102.11.0-0ubuntu0.23.04.1 | 102.11.0-0ubuntu0.23.04.1 |
| ubuntu/thunderbird | <1:102.11.0+ | 1:102.11.0+ |
| ubuntu/thunderbird | <1:102.11.0+ | 1:102.11.0+ |
| ubuntu/thunderbird | <1:102.11.0+ | 1:102.11.0+ |
| ubuntu/thunderbird | <1:102.11.0+ | 1:102.11.0+ |
| ubuntu/thunderbird | <1:102.11.0+ | 1:102.11.0+ |
| debian/firefox | 128.0.2-1 | |
| debian/firefox-esr | 115.12.0esr-1~deb11u1 115.13.0esr-1~deb11u1 115.12.0esr-1~deb12u1 115.13.0esr-1~deb12u1 115.12.0esr-1 115.13.0esr-2 | |
| debian/thunderbird | 1:115.12.0-1~deb11u1 1:115.13.0-1~deb11u1 1:115.12.0-1~deb12u1 1:115.13.0-1~deb12u1 1:115.13.0-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1540883%2C1751943%2C1814856%2C1820210%2C1821480%2C1827019%2C1827024%2C1827144%2C1827359%2C1830186
- https://www.cve.org/CVERecord?id=CVE-2023-32215 https://nvd.nist.gov/vuln/detail/CVE-2023-32215 https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32215 https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32215
- https://bugzilla.redhat.com/show_bug.cgi?id=2196753
- https://access.redhat.com/errata/RHSA-2023:3137
- https://access.redhat.com/errata/RHSA-2023:3151
- https://access.redhat.com/errata/RHSA-2023:3220
- https://access.redhat.com/errata/RHSA-2023:3221
- https://access.redhat.com/errata/RHSA-2023:3138
- https://access.redhat.com/errata/RHSA-2023:3152
- https://access.redhat.com/errata/RHSA-2023:3139
- https://access.redhat.com/errata/RHSA-2023:3153
- https://access.redhat.com/errata/RHSA-2023:3140
- https://access.redhat.com/errata/RHSA-2023:3154
- https://access.redhat.com/errata/RHSA-2023:3141
- https://access.redhat.com/errata/RHSA-2023:3155
- https://access.redhat.com/errata/RHSA-2023:3143
- https://access.redhat.com/errata/RHSA-2023:3150
- https://access.redhat.com/errata/RHSA-2023:3142
- https://access.redhat.com/errata/RHSA-2023:3149
- https://access.redhat.com/security/cve/cve-2023-32215
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/
- https://security.gentoo.org/glsa/202312-03
- https://security.gentoo.org/glsa/202401-10
- https://launchpad.net/bugs/cve/CVE-2023-32215
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32215
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32215
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32215
- https://security-tracker.debian.org/tracker/CVE-2023-32215
- https://ubuntu.com/security/notices/USN-6074-1
- https://ubuntu.com/security/notices/USN-6075-1
- https://ubuntu.com/security/notices/USN-6120-1
- https://www.cve.org/CVERecord?id=CVE-2023-32215
- https://nvd.nist.gov/vuln/detail/CVE-2023-32215
- https://ubuntu.com/security/CVE-2023-32215
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is CVE-2023-32215?
CVE-2023-32215 refers to memory safety bugs present in Firefox 112 and Firefox ESR 102.10 that could potentially lead to memory corruption.
What is the severity of CVE-2023-32215?
CVE-2023-32215 has a severity rating of 8.8 (high).
Which software versions are affected by CVE-2023-32215?
Firefox versions up to and excluding 113, Firefox ESR versions up to and excluding 102.11, Thunderbird versions up to and excluding 102.11, and certain versions of Firefox and Thunderbird on Red Hat and Ubuntu are affected.
How can I fix CVE-2023-32215?
To fix CVE-2023-32215, update to Firefox version 113 or later, Firefox ESR version 102.11 or later, Thunderbird version 102.11 or later, or the latest available version provided by your operating system vendor.
Where can I find more information about CVE-2023-32215?
You can find more information about CVE-2023-32215 on the Mozilla Security Advisories page: [link](https://www.mozilla.org/security/advisories/mfsa2023-16/), [link](https://www.mozilla.org/security/advisories/mfsa2023-18/), [link](https://www.mozilla.org/security/advisories/mfsa2023-17/)
- collector/nvd-latest
- collector/redhat-cve
- collector/mozilla-advisory
- collector/mitre-cve
- source/MITRE
- collector/launchpad-cve
- source/Launchpad
- agent/last-modified-date
- agent/type
- agent/first-publish-date
- agent/author
- agent/references
- agent/weakness
- agent/severity
- source/Mozilla
- agent/software-canonical-lookup
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-32215
- agent/description
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- collector/nvd-cve
- collector/nvd-index
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- package-manager/redhat
- vendor/mozilla
- canonical/mozilla thunderbird
- canonical/mozilla firefox esr
- canonical/mozilla firefox
- package-manager/debian
- package-manager/ubuntu