First published: Tue Nov 21 2023
It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox ESR | <115.5 | |
| Mozilla Firefox ESR | <115.5.0 | |
| Debian Debian Linux | =10.0 | |
| Debian Debian Linux | =11.0 | |
| Debian Debian Linux | =12.0 | |
CVE-2023-6205 is a vulnerability that allows the use of a MessagePort after it has been freed, potentially leading to an exploitable crash.
Mozilla Firefox versions prior to 120, Mozilla Firefox versions prior to 115.5, and Mozilla Thunderbird versions prior to 115.5.0 are affected by CVE-2023-6205.
CVE-2023-6205 has a severity level of high (7 out of 10).
To fix CVE-2023-6205, update Mozilla Firefox or Mozilla Thunderbird to a recommended version: Firefox 120 or later, Firefox 115.5.0 or later, or Thunderbird 115.5.0 or later.
You can find more information about CVE-2023-6205 in the following references: [Mozilla Bugzilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1854076), [Mozilla Security Advisories](https://www.mozilla.org/security/advisories/mfsa2023-49/), [Mozilla Security Advisories](https://www.mozilla.org/security/advisories/mfsa2023-50/).