Action not permitted
Modal body text goes here.
Modal Title
Modal Body
usn-6267-1
Vulnerability from osv_ubuntu
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2023-4047, CVE-2023-4048, CVE-2023-4049, CVE-2023-4051, CVE-2023-4053, CVE-2023-4055, CVE-2023-4056, CVE-2023-4057, CVE-2023-4058)
Max Vlasov discovered that Firefox Offscreen Canvas did not properly track cross-origin tainting. An attacker could potentially exploit this issue to access image data from another site in violation of same-origin policy. (CVE-2023-4045)
Alexander Guryanov discovered that Firefox did not properly update the value of a global variable in WASM JIT analysis in some circumstances. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2023-4046)
Mark Brand discovered that Firefox did not properly validate the size of an untrusted input stream. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2023-4050)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2023-4045",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-4046",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-4047",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-4048",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-4049",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-4050",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-4051",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-4053",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:20.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "116.0+build2-0ubuntu0.20.04.2"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "116.0+build2-0ubuntu0.20.04.2"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "116.0+build2-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@116.0+build2-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "116.0+build2-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1",
"87.0+build3-0ubuntu0.20.04.2",
"88.0+build2-0ubuntu0.20.04.1",
"88.0.1+build1-0ubuntu0.20.04.2",
"89.0+build2-0ubuntu0.20.04.2",
"89.0.1+build1-0ubuntu0.20.04.1",
"89.0.2+build1-0ubuntu0.20.04.1",
"90.0+build1-0ubuntu0.20.04.1",
"90.0.2+build1-0ubuntu0.20.04.1",
"91.0+build2-0ubuntu0.20.04.1",
"91.0.1+build1-0ubuntu0.20.04.1",
"91.0.2+build1-0ubuntu0.20.04.1",
"92.0+build3-0ubuntu0.20.04.1",
"93.0+build1-0ubuntu0.20.04.1",
"94.0+build3-0ubuntu0.20.04.1",
"95.0+build1-0ubuntu0.20.04.1",
"95.0.1+build2-0ubuntu0.20.04.1",
"96.0+build2-0ubuntu0.20.04.1",
"97.0+build2-0ubuntu0.20.04.1",
"97.0.2+build1-0ubuntu0.20.04.1",
"98.0+build3-0ubuntu0.20.04.2",
"98.0.1+build2-0ubuntu0.20.04.1",
"98.0.2+build1-0ubuntu0.20.04.1",
"99.0+build2-0ubuntu0.20.04.2",
"100.0+build2-0ubuntu0.20.04.1",
"100.0.2+build1-0ubuntu0.20.04.1",
"101.0.1+build1-0ubuntu0.20.04.1",
"102.0+build2-0ubuntu0.20.04.1",
"103.0+build1-0ubuntu0.20.04.1",
"104.0+build3-0ubuntu0.20.04.1",
"105.0+build2-0ubuntu0.20.04.1",
"106.0.2+build1-0ubuntu0.20.04.1",
"106.0.5+build1-0ubuntu0.20.04.1",
"107.0+build2-0ubuntu0.20.04.1",
"108.0+build2-0ubuntu0.20.04.1",
"108.0.1+build1-0ubuntu0.20.04.1",
"108.0.2+build1-0ubuntu0.20.04.1",
"109.0+build2-0ubuntu0.20.04.1",
"109.0.1+build1-0ubuntu0.20.04.2",
"110.0+build3-0ubuntu0.20.04.1",
"110.0.1+build2-0ubuntu0.20.04.1",
"111.0+build2-0ubuntu0.20.04.1",
"111.0.1+build2-0ubuntu0.20.04.1",
"112.0+build2-0ubuntu0.20.04.1",
"112.0.1+build1-0ubuntu0.20.04.1",
"112.0.2+build1-0ubuntu0.20.04.1",
"113.0+build2-0ubuntu0.20.04.1",
"113.0.1+build1-0ubuntu0.20.04.1",
"113.0.2+build1-0ubuntu0.20.04.1",
"114.0+build3-0ubuntu0.20.04.1",
"114.0.1+build1-0ubuntu0.20.04.1",
"114.0.2+build1-0ubuntu0.20.04.1",
"115.0+build2-0ubuntu0.20.04.3",
"115.0.2+build1-0ubuntu0.20.04.1"
]
}
],
"aliases": [],
"details": "Multiple security issues were discovered in Firefox. If a user were\ntricked into opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service, obtain sensitive\ninformation across domains, or execute arbitrary code. (CVE-2023-4047,\nCVE-2023-4048, CVE-2023-4049, CVE-2023-4051, CVE-2023-4053, CVE-2023-4055,\nCVE-2023-4056, CVE-2023-4057, CVE-2023-4058)\n\nMax Vlasov discovered that Firefox Offscreen Canvas did not properly track\ncross-origin tainting. An attacker could potentially exploit this issue to\naccess image data from another site in violation of same-origin policy.\n(CVE-2023-4045)\n\nAlexander Guryanov discovered that Firefox did not properly update the\nvalue of a global variable in WASM JIT analysis in some circumstances. An\nattacker could potentially exploit this issue to cause a denial of service.\n(CVE-2023-4046)\n\nMark Brand discovered that Firefox did not properly validate the size of\nan untrusted input stream. An attacker could potentially exploit this issue\nto cause a denial of service. (CVE-2023-4050)\n",
"id": "USN-6267-1",
"modified": "2026-04-22T07:37:05Z",
"published": "2023-08-02T06:19:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6267-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-4045"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-4046"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-4047"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-4048"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-4049"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-4050"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-4051"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-4053"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-4055"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-4056"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-4057"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-4058"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "firefox vulnerabilities",
"upstream": [
"UBUNTU-CVE-2023-4045",
"UBUNTU-CVE-2023-4046",
"UBUNTU-CVE-2023-4047",
"UBUNTU-CVE-2023-4048",
"UBUNTU-CVE-2023-4049",
"UBUNTU-CVE-2023-4050",
"UBUNTU-CVE-2023-4051",
"UBUNTU-CVE-2023-4053",
"UBUNTU-CVE-2023-4055",
"UBUNTU-CVE-2023-4056",
"UBUNTU-CVE-2023-4057",
"UBUNTU-CVE-2023-4058"
]
}
ubuntu-cve-2023-4045
Vulnerability from osv_ubuntu
Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "116.0+build2-0ubuntu0.20.04.2"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "116.0+build2-0ubuntu0.20.04.2"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "116.0+build2-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@116.0+build2-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "116.0+build2-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1",
"87.0+build3-0ubuntu0.20.04.2",
"88.0+build2-0ubuntu0.20.04.1",
"88.0.1+build1-0ubuntu0.20.04.2",
"89.0+build2-0ubuntu0.20.04.2",
"89.0.1+build1-0ubuntu0.20.04.1",
"89.0.2+build1-0ubuntu0.20.04.1",
"90.0+build1-0ubuntu0.20.04.1",
"90.0.2+build1-0ubuntu0.20.04.1",
"91.0+build2-0ubuntu0.20.04.1",
"91.0.1+build1-0ubuntu0.20.04.1",
"91.0.2+build1-0ubuntu0.20.04.1",
"92.0+build3-0ubuntu0.20.04.1",
"93.0+build1-0ubuntu0.20.04.1",
"94.0+build3-0ubuntu0.20.04.1",
"95.0+build1-0ubuntu0.20.04.1",
"95.0.1+build2-0ubuntu0.20.04.1",
"96.0+build2-0ubuntu0.20.04.1",
"97.0+build2-0ubuntu0.20.04.1",
"97.0.2+build1-0ubuntu0.20.04.1",
"98.0+build3-0ubuntu0.20.04.2",
"98.0.1+build2-0ubuntu0.20.04.1",
"98.0.2+build1-0ubuntu0.20.04.1",
"99.0+build2-0ubuntu0.20.04.2",
"100.0+build2-0ubuntu0.20.04.1",
"100.0.2+build1-0ubuntu0.20.04.1",
"101.0.1+build1-0ubuntu0.20.04.1",
"102.0+build2-0ubuntu0.20.04.1",
"103.0+build1-0ubuntu0.20.04.1",
"104.0+build3-0ubuntu0.20.04.1",
"105.0+build2-0ubuntu0.20.04.1",
"106.0.2+build1-0ubuntu0.20.04.1",
"106.0.5+build1-0ubuntu0.20.04.1",
"107.0+build2-0ubuntu0.20.04.1",
"108.0+build2-0ubuntu0.20.04.1",
"108.0.1+build1-0ubuntu0.20.04.1",
"108.0.2+build1-0ubuntu0.20.04.1",
"109.0+build2-0ubuntu0.20.04.1",
"109.0.1+build1-0ubuntu0.20.04.2",
"110.0+build3-0ubuntu0.20.04.1",
"110.0.1+build2-0ubuntu0.20.04.1",
"111.0+build2-0ubuntu0.20.04.1",
"111.0.1+build2-0ubuntu0.20.04.1",
"112.0+build2-0ubuntu0.20.04.1",
"112.0.1+build1-0ubuntu0.20.04.1",
"112.0.2+build1-0ubuntu0.20.04.1",
"113.0+build2-0ubuntu0.20.04.1",
"113.0.1+build1-0ubuntu0.20.04.1",
"113.0.2+build1-0ubuntu0.20.04.1",
"114.0+build3-0ubuntu0.20.04.1",
"114.0.1+build1-0ubuntu0.20.04.1",
"114.0.2+build1-0ubuntu0.20.04.1",
"115.0+build2-0ubuntu0.20.04.3",
"115.0.2+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:102.15.0+build1-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:102.15.0+build1-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1",
"1:78.11.0+build1-0ubuntu0.20.04.2",
"1:78.13.0+build1-0ubuntu0.20.04.2",
"1:78.14.0+build1-0ubuntu0.20.04.1",
"1:78.14.0+build1-0ubuntu0.20.04.2",
"1:91.5.0+build1-0ubuntu0.20.04.1",
"1:91.7.0+build2-0ubuntu0.20.04.1",
"1:91.8.1+build1-0ubuntu0.20.04.1",
"1:91.9.1+build1-0ubuntu0.20.04.1",
"1:91.11.0+build2-0ubuntu0.20.04.1",
"1:102.2.2+build1-0ubuntu0.20.04.1",
"1:102.4.2+build2-0ubuntu0.20.04.1",
"1:102.7.1+build2-0ubuntu0.20.04.1",
"1:102.8.0+build2-0ubuntu0.20.04.1",
"1:102.9.0+build1-0ubuntu0.20.04.1",
"1:102.10.0+build2-0ubuntu0.20.04.1",
"1:102.11.0+build1-0ubuntu0.20.04.1",
"1:102.13.0+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0",
"binary_version": "102.15.1-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.11.0-0ubuntu0.22.04.1",
"102.12.0-0ubuntu0.22.04.1",
"102.13.0-0ubuntu0.22.04.1",
"102.15.1-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-91-0",
"binary_version": "91.10.0-0ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs91",
"purl": "pkg:deb/ubuntu/mozjs91@91.10.0-0ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"91.5.1-0ubuntu1",
"91.6.0-1",
"91.6.0-2",
"91.7.0-2",
"91.10.0-0ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:102.15.0+build1-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:102.15.0+build1-0ubuntu0.22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:91.1.2+build1-0ubuntu1",
"1:91.3.0+build2-0ubuntu1",
"1:91.3.1+build1-0ubuntu1",
"1:91.3.2+build1-0ubuntu1",
"1:91.4.0+build1.1-0ubuntu1",
"1:91.4.0+build2-0ubuntu1",
"1:91.5.0+build1-0ubuntu1",
"1:91.5.1+build1-0ubuntu1",
"1:91.6.1+build1-0ubuntu1",
"1:91.7.0+build1-0ubuntu1",
"1:91.7.0+build2-0ubuntu1",
"1:91.8.0+build2-0ubuntu1",
"1:91.9.1+build1-0ubuntu0.22.04.1",
"1:91.11.0+build2-0ubuntu0.22.04.1",
"1:102.2.2+build1-0ubuntu0.22.04.1",
"1:102.4.2+build2-0ubuntu0.22.04.1",
"1:102.7.1+build2-0ubuntu0.22.04.1",
"1:102.8.0+build2-0ubuntu0.22.04.1",
"1:102.9.0+build1-0ubuntu0.22.04.1",
"1:102.10.0+build2-0ubuntu0.22.04.1",
"1:102.11.0+build1-0ubuntu0.22.04.1",
"1:102.13.0+build1-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0t64",
"binary_version": "102.15.1-3ubuntu2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-3ubuntu2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.15.1-1",
"102.15.1-3ubuntu2"
]
}
],
"aliases": [],
"details": "Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox \u003c 116, Firefox ESR \u003c 102.14, and Firefox ESR \u003c 115.1.",
"id": "UBUNTU-CVE-2023-4045",
"modified": "2026-04-22T07:45:04Z",
"published": "2023-08-01T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-4045"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-30/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-31/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-29/"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1833876"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6267-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6333-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4045"
}
],
"related": [
"USN-6267-1",
"USN-6333-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2023-4045"
]
}
ubuntu-cve-2023-4046
Vulnerability from osv_ubuntu
In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
| URL | Type | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "116.0+build2-0ubuntu0.20.04.2"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "116.0+build2-0ubuntu0.20.04.2"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "116.0+build2-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@116.0+build2-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "116.0+build2-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1",
"87.0+build3-0ubuntu0.20.04.2",
"88.0+build2-0ubuntu0.20.04.1",
"88.0.1+build1-0ubuntu0.20.04.2",
"89.0+build2-0ubuntu0.20.04.2",
"89.0.1+build1-0ubuntu0.20.04.1",
"89.0.2+build1-0ubuntu0.20.04.1",
"90.0+build1-0ubuntu0.20.04.1",
"90.0.2+build1-0ubuntu0.20.04.1",
"91.0+build2-0ubuntu0.20.04.1",
"91.0.1+build1-0ubuntu0.20.04.1",
"91.0.2+build1-0ubuntu0.20.04.1",
"92.0+build3-0ubuntu0.20.04.1",
"93.0+build1-0ubuntu0.20.04.1",
"94.0+build3-0ubuntu0.20.04.1",
"95.0+build1-0ubuntu0.20.04.1",
"95.0.1+build2-0ubuntu0.20.04.1",
"96.0+build2-0ubuntu0.20.04.1",
"97.0+build2-0ubuntu0.20.04.1",
"97.0.2+build1-0ubuntu0.20.04.1",
"98.0+build3-0ubuntu0.20.04.2",
"98.0.1+build2-0ubuntu0.20.04.1",
"98.0.2+build1-0ubuntu0.20.04.1",
"99.0+build2-0ubuntu0.20.04.2",
"100.0+build2-0ubuntu0.20.04.1",
"100.0.2+build1-0ubuntu0.20.04.1",
"101.0.1+build1-0ubuntu0.20.04.1",
"102.0+build2-0ubuntu0.20.04.1",
"103.0+build1-0ubuntu0.20.04.1",
"104.0+build3-0ubuntu0.20.04.1",
"105.0+build2-0ubuntu0.20.04.1",
"106.0.2+build1-0ubuntu0.20.04.1",
"106.0.5+build1-0ubuntu0.20.04.1",
"107.0+build2-0ubuntu0.20.04.1",
"108.0+build2-0ubuntu0.20.04.1",
"108.0.1+build1-0ubuntu0.20.04.1",
"108.0.2+build1-0ubuntu0.20.04.1",
"109.0+build2-0ubuntu0.20.04.1",
"109.0.1+build1-0ubuntu0.20.04.2",
"110.0+build3-0ubuntu0.20.04.1",
"110.0.1+build2-0ubuntu0.20.04.1",
"111.0+build2-0ubuntu0.20.04.1",
"111.0.1+build2-0ubuntu0.20.04.1",
"112.0+build2-0ubuntu0.20.04.1",
"112.0.1+build1-0ubuntu0.20.04.1",
"112.0.2+build1-0ubuntu0.20.04.1",
"113.0+build2-0ubuntu0.20.04.1",
"113.0.1+build1-0ubuntu0.20.04.1",
"113.0.2+build1-0ubuntu0.20.04.1",
"114.0+build3-0ubuntu0.20.04.1",
"114.0.1+build1-0ubuntu0.20.04.1",
"114.0.2+build1-0ubuntu0.20.04.1",
"115.0+build2-0ubuntu0.20.04.3",
"115.0.2+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:102.15.0+build1-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:102.15.0+build1-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1",
"1:78.11.0+build1-0ubuntu0.20.04.2",
"1:78.13.0+build1-0ubuntu0.20.04.2",
"1:78.14.0+build1-0ubuntu0.20.04.1",
"1:78.14.0+build1-0ubuntu0.20.04.2",
"1:91.5.0+build1-0ubuntu0.20.04.1",
"1:91.7.0+build2-0ubuntu0.20.04.1",
"1:91.8.1+build1-0ubuntu0.20.04.1",
"1:91.9.1+build1-0ubuntu0.20.04.1",
"1:91.11.0+build2-0ubuntu0.20.04.1",
"1:102.2.2+build1-0ubuntu0.20.04.1",
"1:102.4.2+build2-0ubuntu0.20.04.1",
"1:102.7.1+build2-0ubuntu0.20.04.1",
"1:102.8.0+build2-0ubuntu0.20.04.1",
"1:102.9.0+build1-0ubuntu0.20.04.1",
"1:102.10.0+build2-0ubuntu0.20.04.1",
"1:102.11.0+build1-0ubuntu0.20.04.1",
"1:102.13.0+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libmozjs-102-0",
"binary_version": "102.15.1-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "102.15.1-0ubuntu0.22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.11.0-0ubuntu0.22.04.1",
"102.12.0-0ubuntu0.22.04.1",
"102.13.0-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-91-0",
"binary_version": "91.10.0-0ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs91",
"purl": "pkg:deb/ubuntu/mozjs91@91.10.0-0ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"91.5.1-0ubuntu1",
"91.6.0-1",
"91.6.0-2",
"91.7.0-2",
"91.10.0-0ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:102.15.0+build1-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:102.15.0+build1-0ubuntu0.22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:91.1.2+build1-0ubuntu1",
"1:91.3.0+build2-0ubuntu1",
"1:91.3.1+build1-0ubuntu1",
"1:91.3.2+build1-0ubuntu1",
"1:91.4.0+build1.1-0ubuntu1",
"1:91.4.0+build2-0ubuntu1",
"1:91.5.0+build1-0ubuntu1",
"1:91.5.1+build1-0ubuntu1",
"1:91.6.1+build1-0ubuntu1",
"1:91.7.0+build1-0ubuntu1",
"1:91.7.0+build2-0ubuntu1",
"1:91.8.0+build2-0ubuntu1",
"1:91.9.1+build1-0ubuntu0.22.04.1",
"1:91.11.0+build2-0ubuntu0.22.04.1",
"1:102.2.2+build1-0ubuntu0.22.04.1",
"1:102.4.2+build2-0ubuntu0.22.04.1",
"1:102.7.1+build2-0ubuntu0.22.04.1",
"1:102.8.0+build2-0ubuntu0.22.04.1",
"1:102.9.0+build1-0ubuntu0.22.04.1",
"1:102.10.0+build2-0ubuntu0.22.04.1",
"1:102.11.0+build1-0ubuntu0.22.04.1",
"1:102.13.0+build1-0ubuntu0.22.04.1"
]
}
],
"aliases": [],
"details": "In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox \u003c 116, Firefox ESR \u003c 102.14, and Firefox ESR \u003c 115.1.",
"id": "UBUNTU-CVE-2023-4046",
"modified": "2026-04-22T07:45:04Z",
"published": "2023-08-01T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-4046"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1837686"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-30/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-31/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-29/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6267-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6333-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6406-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4046"
}
],
"related": [
"USN-6267-1",
"USN-6333-1",
"USN-6406-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2023-4046"
]
}
ubuntu-cve-2023-4047
Vulnerability from osv_ubuntu
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "116.0+build2-0ubuntu0.20.04.2"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "116.0+build2-0ubuntu0.20.04.2"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "116.0+build2-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@116.0+build2-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "116.0+build2-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1",
"87.0+build3-0ubuntu0.20.04.2",
"88.0+build2-0ubuntu0.20.04.1",
"88.0.1+build1-0ubuntu0.20.04.2",
"89.0+build2-0ubuntu0.20.04.2",
"89.0.1+build1-0ubuntu0.20.04.1",
"89.0.2+build1-0ubuntu0.20.04.1",
"90.0+build1-0ubuntu0.20.04.1",
"90.0.2+build1-0ubuntu0.20.04.1",
"91.0+build2-0ubuntu0.20.04.1",
"91.0.1+build1-0ubuntu0.20.04.1",
"91.0.2+build1-0ubuntu0.20.04.1",
"92.0+build3-0ubuntu0.20.04.1",
"93.0+build1-0ubuntu0.20.04.1",
"94.0+build3-0ubuntu0.20.04.1",
"95.0+build1-0ubuntu0.20.04.1",
"95.0.1+build2-0ubuntu0.20.04.1",
"96.0+build2-0ubuntu0.20.04.1",
"97.0+build2-0ubuntu0.20.04.1",
"97.0.2+build1-0ubuntu0.20.04.1",
"98.0+build3-0ubuntu0.20.04.2",
"98.0.1+build2-0ubuntu0.20.04.1",
"98.0.2+build1-0ubuntu0.20.04.1",
"99.0+build2-0ubuntu0.20.04.2",
"100.0+build2-0ubuntu0.20.04.1",
"100.0.2+build1-0ubuntu0.20.04.1",
"101.0.1+build1-0ubuntu0.20.04.1",
"102.0+build2-0ubuntu0.20.04.1",
"103.0+build1-0ubuntu0.20.04.1",
"104.0+build3-0ubuntu0.20.04.1",
"105.0+build2-0ubuntu0.20.04.1",
"106.0.2+build1-0ubuntu0.20.04.1",
"106.0.5+build1-0ubuntu0.20.04.1",
"107.0+build2-0ubuntu0.20.04.1",
"108.0+build2-0ubuntu0.20.04.1",
"108.0.1+build1-0ubuntu0.20.04.1",
"108.0.2+build1-0ubuntu0.20.04.1",
"109.0+build2-0ubuntu0.20.04.1",
"109.0.1+build1-0ubuntu0.20.04.2",
"110.0+build3-0ubuntu0.20.04.1",
"110.0.1+build2-0ubuntu0.20.04.1",
"111.0+build2-0ubuntu0.20.04.1",
"111.0.1+build2-0ubuntu0.20.04.1",
"112.0+build2-0ubuntu0.20.04.1",
"112.0.1+build1-0ubuntu0.20.04.1",
"112.0.2+build1-0ubuntu0.20.04.1",
"113.0+build2-0ubuntu0.20.04.1",
"113.0.1+build1-0ubuntu0.20.04.1",
"113.0.2+build1-0ubuntu0.20.04.1",
"114.0+build3-0ubuntu0.20.04.1",
"114.0.1+build1-0ubuntu0.20.04.1",
"114.0.2+build1-0ubuntu0.20.04.1",
"115.0+build2-0ubuntu0.20.04.3",
"115.0.2+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:102.15.0+build1-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:102.15.0+build1-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1",
"1:78.11.0+build1-0ubuntu0.20.04.2",
"1:78.13.0+build1-0ubuntu0.20.04.2",
"1:78.14.0+build1-0ubuntu0.20.04.1",
"1:78.14.0+build1-0ubuntu0.20.04.2",
"1:91.5.0+build1-0ubuntu0.20.04.1",
"1:91.7.0+build2-0ubuntu0.20.04.1",
"1:91.8.1+build1-0ubuntu0.20.04.1",
"1:91.9.1+build1-0ubuntu0.20.04.1",
"1:91.11.0+build2-0ubuntu0.20.04.1",
"1:102.2.2+build1-0ubuntu0.20.04.1",
"1:102.4.2+build2-0ubuntu0.20.04.1",
"1:102.7.1+build2-0ubuntu0.20.04.1",
"1:102.8.0+build2-0ubuntu0.20.04.1",
"1:102.9.0+build1-0ubuntu0.20.04.1",
"1:102.10.0+build2-0ubuntu0.20.04.1",
"1:102.11.0+build1-0ubuntu0.20.04.1",
"1:102.13.0+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0",
"binary_version": "102.15.1-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.11.0-0ubuntu0.22.04.1",
"102.12.0-0ubuntu0.22.04.1",
"102.13.0-0ubuntu0.22.04.1",
"102.15.1-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-91-0",
"binary_version": "91.10.0-0ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs91",
"purl": "pkg:deb/ubuntu/mozjs91@91.10.0-0ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"91.5.1-0ubuntu1",
"91.6.0-1",
"91.6.0-2",
"91.7.0-2",
"91.10.0-0ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:102.15.0+build1-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:102.15.0+build1-0ubuntu0.22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:91.1.2+build1-0ubuntu1",
"1:91.3.0+build2-0ubuntu1",
"1:91.3.1+build1-0ubuntu1",
"1:91.3.2+build1-0ubuntu1",
"1:91.4.0+build1.1-0ubuntu1",
"1:91.4.0+build2-0ubuntu1",
"1:91.5.0+build1-0ubuntu1",
"1:91.5.1+build1-0ubuntu1",
"1:91.6.1+build1-0ubuntu1",
"1:91.7.0+build1-0ubuntu1",
"1:91.7.0+build2-0ubuntu1",
"1:91.8.0+build2-0ubuntu1",
"1:91.9.1+build1-0ubuntu0.22.04.1",
"1:91.11.0+build2-0ubuntu0.22.04.1",
"1:102.2.2+build1-0ubuntu0.22.04.1",
"1:102.4.2+build2-0ubuntu0.22.04.1",
"1:102.7.1+build2-0ubuntu0.22.04.1",
"1:102.8.0+build2-0ubuntu0.22.04.1",
"1:102.9.0+build1-0ubuntu0.22.04.1",
"1:102.10.0+build2-0ubuntu0.22.04.1",
"1:102.11.0+build1-0ubuntu0.22.04.1",
"1:102.13.0+build1-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0t64",
"binary_version": "102.15.1-3ubuntu2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-3ubuntu2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.15.1-1",
"102.15.1-3ubuntu2"
]
}
],
"aliases": [],
"details": "A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox \u003c 116, Firefox ESR \u003c 102.14, and Firefox ESR \u003c 115.1.",
"id": "UBUNTU-CVE-2023-4047",
"modified": "2026-04-22T07:45:04Z",
"published": "2023-08-01T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-4047"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-30/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-31/"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1839073"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-29/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6267-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6333-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4047"
}
],
"related": [
"USN-6267-1",
"USN-6333-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2023-4047"
]
}
ubuntu-cve-2023-4048
Vulnerability from osv_ubuntu
An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "116.0+build2-0ubuntu0.20.04.2"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "116.0+build2-0ubuntu0.20.04.2"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "116.0+build2-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@116.0+build2-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "116.0+build2-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1",
"87.0+build3-0ubuntu0.20.04.2",
"88.0+build2-0ubuntu0.20.04.1",
"88.0.1+build1-0ubuntu0.20.04.2",
"89.0+build2-0ubuntu0.20.04.2",
"89.0.1+build1-0ubuntu0.20.04.1",
"89.0.2+build1-0ubuntu0.20.04.1",
"90.0+build1-0ubuntu0.20.04.1",
"90.0.2+build1-0ubuntu0.20.04.1",
"91.0+build2-0ubuntu0.20.04.1",
"91.0.1+build1-0ubuntu0.20.04.1",
"91.0.2+build1-0ubuntu0.20.04.1",
"92.0+build3-0ubuntu0.20.04.1",
"93.0+build1-0ubuntu0.20.04.1",
"94.0+build3-0ubuntu0.20.04.1",
"95.0+build1-0ubuntu0.20.04.1",
"95.0.1+build2-0ubuntu0.20.04.1",
"96.0+build2-0ubuntu0.20.04.1",
"97.0+build2-0ubuntu0.20.04.1",
"97.0.2+build1-0ubuntu0.20.04.1",
"98.0+build3-0ubuntu0.20.04.2",
"98.0.1+build2-0ubuntu0.20.04.1",
"98.0.2+build1-0ubuntu0.20.04.1",
"99.0+build2-0ubuntu0.20.04.2",
"100.0+build2-0ubuntu0.20.04.1",
"100.0.2+build1-0ubuntu0.20.04.1",
"101.0.1+build1-0ubuntu0.20.04.1",
"102.0+build2-0ubuntu0.20.04.1",
"103.0+build1-0ubuntu0.20.04.1",
"104.0+build3-0ubuntu0.20.04.1",
"105.0+build2-0ubuntu0.20.04.1",
"106.0.2+build1-0ubuntu0.20.04.1",
"106.0.5+build1-0ubuntu0.20.04.1",
"107.0+build2-0ubuntu0.20.04.1",
"108.0+build2-0ubuntu0.20.04.1",
"108.0.1+build1-0ubuntu0.20.04.1",
"108.0.2+build1-0ubuntu0.20.04.1",
"109.0+build2-0ubuntu0.20.04.1",
"109.0.1+build1-0ubuntu0.20.04.2",
"110.0+build3-0ubuntu0.20.04.1",
"110.0.1+build2-0ubuntu0.20.04.1",
"111.0+build2-0ubuntu0.20.04.1",
"111.0.1+build2-0ubuntu0.20.04.1",
"112.0+build2-0ubuntu0.20.04.1",
"112.0.1+build1-0ubuntu0.20.04.1",
"112.0.2+build1-0ubuntu0.20.04.1",
"113.0+build2-0ubuntu0.20.04.1",
"113.0.1+build1-0ubuntu0.20.04.1",
"113.0.2+build1-0ubuntu0.20.04.1",
"114.0+build3-0ubuntu0.20.04.1",
"114.0.1+build1-0ubuntu0.20.04.1",
"114.0.2+build1-0ubuntu0.20.04.1",
"115.0+build2-0ubuntu0.20.04.3",
"115.0.2+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:102.15.0+build1-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:102.15.0+build1-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1",
"1:78.11.0+build1-0ubuntu0.20.04.2",
"1:78.13.0+build1-0ubuntu0.20.04.2",
"1:78.14.0+build1-0ubuntu0.20.04.1",
"1:78.14.0+build1-0ubuntu0.20.04.2",
"1:91.5.0+build1-0ubuntu0.20.04.1",
"1:91.7.0+build2-0ubuntu0.20.04.1",
"1:91.8.1+build1-0ubuntu0.20.04.1",
"1:91.9.1+build1-0ubuntu0.20.04.1",
"1:91.11.0+build2-0ubuntu0.20.04.1",
"1:102.2.2+build1-0ubuntu0.20.04.1",
"1:102.4.2+build2-0ubuntu0.20.04.1",
"1:102.7.1+build2-0ubuntu0.20.04.1",
"1:102.8.0+build2-0ubuntu0.20.04.1",
"1:102.9.0+build1-0ubuntu0.20.04.1",
"1:102.10.0+build2-0ubuntu0.20.04.1",
"1:102.11.0+build1-0ubuntu0.20.04.1",
"1:102.13.0+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0",
"binary_version": "102.15.1-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.11.0-0ubuntu0.22.04.1",
"102.12.0-0ubuntu0.22.04.1",
"102.13.0-0ubuntu0.22.04.1",
"102.15.1-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-91-0",
"binary_version": "91.10.0-0ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs91",
"purl": "pkg:deb/ubuntu/mozjs91@91.10.0-0ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"91.5.1-0ubuntu1",
"91.6.0-1",
"91.6.0-2",
"91.7.0-2",
"91.10.0-0ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:102.15.0+build1-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:102.15.0+build1-0ubuntu0.22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:91.1.2+build1-0ubuntu1",
"1:91.3.0+build2-0ubuntu1",
"1:91.3.1+build1-0ubuntu1",
"1:91.3.2+build1-0ubuntu1",
"1:91.4.0+build1.1-0ubuntu1",
"1:91.4.0+build2-0ubuntu1",
"1:91.5.0+build1-0ubuntu1",
"1:91.5.1+build1-0ubuntu1",
"1:91.6.1+build1-0ubuntu1",
"1:91.7.0+build1-0ubuntu1",
"1:91.7.0+build2-0ubuntu1",
"1:91.8.0+build2-0ubuntu1",
"1:91.9.1+build1-0ubuntu0.22.04.1",
"1:91.11.0+build2-0ubuntu0.22.04.1",
"1:102.2.2+build1-0ubuntu0.22.04.1",
"1:102.4.2+build2-0ubuntu0.22.04.1",
"1:102.7.1+build2-0ubuntu0.22.04.1",
"1:102.8.0+build2-0ubuntu0.22.04.1",
"1:102.9.0+build1-0ubuntu0.22.04.1",
"1:102.10.0+build2-0ubuntu0.22.04.1",
"1:102.11.0+build1-0ubuntu0.22.04.1",
"1:102.13.0+build1-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0t64",
"binary_version": "102.15.1-3ubuntu2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-3ubuntu2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.15.1-1",
"102.15.1-3ubuntu2"
]
}
],
"aliases": [],
"details": "An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox \u003c 116, Firefox ESR \u003c 102.14, and Firefox ESR \u003c 115.1.",
"id": "UBUNTU-CVE-2023-4048",
"modified": "2026-04-22T07:45:04Z",
"published": "2023-08-01T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-4048"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1841368"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-30/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-31/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-29/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6267-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6333-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4048"
}
],
"related": [
"USN-6267-1",
"USN-6333-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2023-4048"
]
}
ubuntu-cve-2023-4049
Vulnerability from osv_ubuntu
Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "116.0+build2-0ubuntu0.20.04.2"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "116.0+build2-0ubuntu0.20.04.2"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "116.0+build2-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@116.0+build2-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "116.0+build2-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1",
"87.0+build3-0ubuntu0.20.04.2",
"88.0+build2-0ubuntu0.20.04.1",
"88.0.1+build1-0ubuntu0.20.04.2",
"89.0+build2-0ubuntu0.20.04.2",
"89.0.1+build1-0ubuntu0.20.04.1",
"89.0.2+build1-0ubuntu0.20.04.1",
"90.0+build1-0ubuntu0.20.04.1",
"90.0.2+build1-0ubuntu0.20.04.1",
"91.0+build2-0ubuntu0.20.04.1",
"91.0.1+build1-0ubuntu0.20.04.1",
"91.0.2+build1-0ubuntu0.20.04.1",
"92.0+build3-0ubuntu0.20.04.1",
"93.0+build1-0ubuntu0.20.04.1",
"94.0+build3-0ubuntu0.20.04.1",
"95.0+build1-0ubuntu0.20.04.1",
"95.0.1+build2-0ubuntu0.20.04.1",
"96.0+build2-0ubuntu0.20.04.1",
"97.0+build2-0ubuntu0.20.04.1",
"97.0.2+build1-0ubuntu0.20.04.1",
"98.0+build3-0ubuntu0.20.04.2",
"98.0.1+build2-0ubuntu0.20.04.1",
"98.0.2+build1-0ubuntu0.20.04.1",
"99.0+build2-0ubuntu0.20.04.2",
"100.0+build2-0ubuntu0.20.04.1",
"100.0.2+build1-0ubuntu0.20.04.1",
"101.0.1+build1-0ubuntu0.20.04.1",
"102.0+build2-0ubuntu0.20.04.1",
"103.0+build1-0ubuntu0.20.04.1",
"104.0+build3-0ubuntu0.20.04.1",
"105.0+build2-0ubuntu0.20.04.1",
"106.0.2+build1-0ubuntu0.20.04.1",
"106.0.5+build1-0ubuntu0.20.04.1",
"107.0+build2-0ubuntu0.20.04.1",
"108.0+build2-0ubuntu0.20.04.1",
"108.0.1+build1-0ubuntu0.20.04.1",
"108.0.2+build1-0ubuntu0.20.04.1",
"109.0+build2-0ubuntu0.20.04.1",
"109.0.1+build1-0ubuntu0.20.04.2",
"110.0+build3-0ubuntu0.20.04.1",
"110.0.1+build2-0ubuntu0.20.04.1",
"111.0+build2-0ubuntu0.20.04.1",
"111.0.1+build2-0ubuntu0.20.04.1",
"112.0+build2-0ubuntu0.20.04.1",
"112.0.1+build1-0ubuntu0.20.04.1",
"112.0.2+build1-0ubuntu0.20.04.1",
"113.0+build2-0ubuntu0.20.04.1",
"113.0.1+build1-0ubuntu0.20.04.1",
"113.0.2+build1-0ubuntu0.20.04.1",
"114.0+build3-0ubuntu0.20.04.1",
"114.0.1+build1-0ubuntu0.20.04.1",
"114.0.2+build1-0ubuntu0.20.04.1",
"115.0+build2-0ubuntu0.20.04.3",
"115.0.2+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:102.15.0+build1-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:102.15.0+build1-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1",
"1:78.11.0+build1-0ubuntu0.20.04.2",
"1:78.13.0+build1-0ubuntu0.20.04.2",
"1:78.14.0+build1-0ubuntu0.20.04.1",
"1:78.14.0+build1-0ubuntu0.20.04.2",
"1:91.5.0+build1-0ubuntu0.20.04.1",
"1:91.7.0+build2-0ubuntu0.20.04.1",
"1:91.8.1+build1-0ubuntu0.20.04.1",
"1:91.9.1+build1-0ubuntu0.20.04.1",
"1:91.11.0+build2-0ubuntu0.20.04.1",
"1:102.2.2+build1-0ubuntu0.20.04.1",
"1:102.4.2+build2-0ubuntu0.20.04.1",
"1:102.7.1+build2-0ubuntu0.20.04.1",
"1:102.8.0+build2-0ubuntu0.20.04.1",
"1:102.9.0+build1-0ubuntu0.20.04.1",
"1:102.10.0+build2-0ubuntu0.20.04.1",
"1:102.11.0+build1-0ubuntu0.20.04.1",
"1:102.13.0+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0",
"binary_version": "102.15.1-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.11.0-0ubuntu0.22.04.1",
"102.12.0-0ubuntu0.22.04.1",
"102.13.0-0ubuntu0.22.04.1",
"102.15.1-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-91-0",
"binary_version": "91.10.0-0ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs91",
"purl": "pkg:deb/ubuntu/mozjs91@91.10.0-0ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"91.5.1-0ubuntu1",
"91.6.0-1",
"91.6.0-2",
"91.7.0-2",
"91.10.0-0ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:102.15.0+build1-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:102.15.0+build1-0ubuntu0.22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:91.1.2+build1-0ubuntu1",
"1:91.3.0+build2-0ubuntu1",
"1:91.3.1+build1-0ubuntu1",
"1:91.3.2+build1-0ubuntu1",
"1:91.4.0+build1.1-0ubuntu1",
"1:91.4.0+build2-0ubuntu1",
"1:91.5.0+build1-0ubuntu1",
"1:91.5.1+build1-0ubuntu1",
"1:91.6.1+build1-0ubuntu1",
"1:91.7.0+build1-0ubuntu1",
"1:91.7.0+build2-0ubuntu1",
"1:91.8.0+build2-0ubuntu1",
"1:91.9.1+build1-0ubuntu0.22.04.1",
"1:91.11.0+build2-0ubuntu0.22.04.1",
"1:102.2.2+build1-0ubuntu0.22.04.1",
"1:102.4.2+build2-0ubuntu0.22.04.1",
"1:102.7.1+build2-0ubuntu0.22.04.1",
"1:102.8.0+build2-0ubuntu0.22.04.1",
"1:102.9.0+build1-0ubuntu0.22.04.1",
"1:102.10.0+build2-0ubuntu0.22.04.1",
"1:102.11.0+build1-0ubuntu0.22.04.1",
"1:102.13.0+build1-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0t64",
"binary_version": "102.15.1-3ubuntu2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-3ubuntu2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.15.1-1",
"102.15.1-3ubuntu2"
]
}
],
"aliases": [],
"details": "Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox \u003c 116, Firefox ESR \u003c 102.14, and Firefox ESR \u003c 115.1.",
"id": "UBUNTU-CVE-2023-4049",
"modified": "2026-04-22T07:45:04Z",
"published": "2023-08-01T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-4049"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842658"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-30/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-31/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-29/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6267-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6333-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4049"
}
],
"related": [
"USN-6267-1",
"USN-6333-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2023-4049"
]
}
ubuntu-cve-2023-4050
Vulnerability from osv_ubuntu
In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "116.0+build2-0ubuntu0.20.04.2"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "116.0+build2-0ubuntu0.20.04.2"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "116.0+build2-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@116.0+build2-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "116.0+build2-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1",
"87.0+build3-0ubuntu0.20.04.2",
"88.0+build2-0ubuntu0.20.04.1",
"88.0.1+build1-0ubuntu0.20.04.2",
"89.0+build2-0ubuntu0.20.04.2",
"89.0.1+build1-0ubuntu0.20.04.1",
"89.0.2+build1-0ubuntu0.20.04.1",
"90.0+build1-0ubuntu0.20.04.1",
"90.0.2+build1-0ubuntu0.20.04.1",
"91.0+build2-0ubuntu0.20.04.1",
"91.0.1+build1-0ubuntu0.20.04.1",
"91.0.2+build1-0ubuntu0.20.04.1",
"92.0+build3-0ubuntu0.20.04.1",
"93.0+build1-0ubuntu0.20.04.1",
"94.0+build3-0ubuntu0.20.04.1",
"95.0+build1-0ubuntu0.20.04.1",
"95.0.1+build2-0ubuntu0.20.04.1",
"96.0+build2-0ubuntu0.20.04.1",
"97.0+build2-0ubuntu0.20.04.1",
"97.0.2+build1-0ubuntu0.20.04.1",
"98.0+build3-0ubuntu0.20.04.2",
"98.0.1+build2-0ubuntu0.20.04.1",
"98.0.2+build1-0ubuntu0.20.04.1",
"99.0+build2-0ubuntu0.20.04.2",
"100.0+build2-0ubuntu0.20.04.1",
"100.0.2+build1-0ubuntu0.20.04.1",
"101.0.1+build1-0ubuntu0.20.04.1",
"102.0+build2-0ubuntu0.20.04.1",
"103.0+build1-0ubuntu0.20.04.1",
"104.0+build3-0ubuntu0.20.04.1",
"105.0+build2-0ubuntu0.20.04.1",
"106.0.2+build1-0ubuntu0.20.04.1",
"106.0.5+build1-0ubuntu0.20.04.1",
"107.0+build2-0ubuntu0.20.04.1",
"108.0+build2-0ubuntu0.20.04.1",
"108.0.1+build1-0ubuntu0.20.04.1",
"108.0.2+build1-0ubuntu0.20.04.1",
"109.0+build2-0ubuntu0.20.04.1",
"109.0.1+build1-0ubuntu0.20.04.2",
"110.0+build3-0ubuntu0.20.04.1",
"110.0.1+build2-0ubuntu0.20.04.1",
"111.0+build2-0ubuntu0.20.04.1",
"111.0.1+build2-0ubuntu0.20.04.1",
"112.0+build2-0ubuntu0.20.04.1",
"112.0.1+build1-0ubuntu0.20.04.1",
"112.0.2+build1-0ubuntu0.20.04.1",
"113.0+build2-0ubuntu0.20.04.1",
"113.0.1+build1-0ubuntu0.20.04.1",
"113.0.2+build1-0ubuntu0.20.04.1",
"114.0+build3-0ubuntu0.20.04.1",
"114.0.1+build1-0ubuntu0.20.04.1",
"114.0.2+build1-0ubuntu0.20.04.1",
"115.0+build2-0ubuntu0.20.04.3",
"115.0.2+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:102.15.0+build1-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:102.15.0+build1-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1",
"1:78.11.0+build1-0ubuntu0.20.04.2",
"1:78.13.0+build1-0ubuntu0.20.04.2",
"1:78.14.0+build1-0ubuntu0.20.04.1",
"1:78.14.0+build1-0ubuntu0.20.04.2",
"1:91.5.0+build1-0ubuntu0.20.04.1",
"1:91.7.0+build2-0ubuntu0.20.04.1",
"1:91.8.1+build1-0ubuntu0.20.04.1",
"1:91.9.1+build1-0ubuntu0.20.04.1",
"1:91.11.0+build2-0ubuntu0.20.04.1",
"1:102.2.2+build1-0ubuntu0.20.04.1",
"1:102.4.2+build2-0ubuntu0.20.04.1",
"1:102.7.1+build2-0ubuntu0.20.04.1",
"1:102.8.0+build2-0ubuntu0.20.04.1",
"1:102.9.0+build1-0ubuntu0.20.04.1",
"1:102.10.0+build2-0ubuntu0.20.04.1",
"1:102.11.0+build1-0ubuntu0.20.04.1",
"1:102.13.0+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0",
"binary_version": "102.15.1-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.11.0-0ubuntu0.22.04.1",
"102.12.0-0ubuntu0.22.04.1",
"102.13.0-0ubuntu0.22.04.1",
"102.15.1-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-91-0",
"binary_version": "91.10.0-0ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs91",
"purl": "pkg:deb/ubuntu/mozjs91@91.10.0-0ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"91.5.1-0ubuntu1",
"91.6.0-1",
"91.6.0-2",
"91.7.0-2",
"91.10.0-0ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:102.15.0+build1-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:102.15.0+build1-0ubuntu0.22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:91.1.2+build1-0ubuntu1",
"1:91.3.0+build2-0ubuntu1",
"1:91.3.1+build1-0ubuntu1",
"1:91.3.2+build1-0ubuntu1",
"1:91.4.0+build1.1-0ubuntu1",
"1:91.4.0+build2-0ubuntu1",
"1:91.5.0+build1-0ubuntu1",
"1:91.5.1+build1-0ubuntu1",
"1:91.6.1+build1-0ubuntu1",
"1:91.7.0+build1-0ubuntu1",
"1:91.7.0+build2-0ubuntu1",
"1:91.8.0+build2-0ubuntu1",
"1:91.9.1+build1-0ubuntu0.22.04.1",
"1:91.11.0+build2-0ubuntu0.22.04.1",
"1:102.2.2+build1-0ubuntu0.22.04.1",
"1:102.4.2+build2-0ubuntu0.22.04.1",
"1:102.7.1+build2-0ubuntu0.22.04.1",
"1:102.8.0+build2-0ubuntu0.22.04.1",
"1:102.9.0+build1-0ubuntu0.22.04.1",
"1:102.10.0+build2-0ubuntu0.22.04.1",
"1:102.11.0+build1-0ubuntu0.22.04.1",
"1:102.13.0+build1-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0t64",
"binary_version": "102.15.1-3ubuntu2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-3ubuntu2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.15.1-1",
"102.15.1-3ubuntu2"
]
}
],
"aliases": [],
"details": "In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox \u003c 116, Firefox ESR \u003c 102.14, and Firefox ESR \u003c 115.1.",
"id": "UBUNTU-CVE-2023-4050",
"modified": "2026-04-22T07:45:04Z",
"published": "2023-08-01T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-4050"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-30/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-31/"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1843038"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-29/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6267-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6333-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4050"
}
],
"related": [
"USN-6267-1",
"USN-6333-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2023-4050"
]
}
ubuntu-cve-2023-4051
Vulnerability from osv_ubuntu
A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "116.0+build2-0ubuntu0.20.04.2"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "116.0+build2-0ubuntu0.20.04.2"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "116.0+build2-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@116.0+build2-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "116.0+build2-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1",
"87.0+build3-0ubuntu0.20.04.2",
"88.0+build2-0ubuntu0.20.04.1",
"88.0.1+build1-0ubuntu0.20.04.2",
"89.0+build2-0ubuntu0.20.04.2",
"89.0.1+build1-0ubuntu0.20.04.1",
"89.0.2+build1-0ubuntu0.20.04.1",
"90.0+build1-0ubuntu0.20.04.1",
"90.0.2+build1-0ubuntu0.20.04.1",
"91.0+build2-0ubuntu0.20.04.1",
"91.0.1+build1-0ubuntu0.20.04.1",
"91.0.2+build1-0ubuntu0.20.04.1",
"92.0+build3-0ubuntu0.20.04.1",
"93.0+build1-0ubuntu0.20.04.1",
"94.0+build3-0ubuntu0.20.04.1",
"95.0+build1-0ubuntu0.20.04.1",
"95.0.1+build2-0ubuntu0.20.04.1",
"96.0+build2-0ubuntu0.20.04.1",
"97.0+build2-0ubuntu0.20.04.1",
"97.0.2+build1-0ubuntu0.20.04.1",
"98.0+build3-0ubuntu0.20.04.2",
"98.0.1+build2-0ubuntu0.20.04.1",
"98.0.2+build1-0ubuntu0.20.04.1",
"99.0+build2-0ubuntu0.20.04.2",
"100.0+build2-0ubuntu0.20.04.1",
"100.0.2+build1-0ubuntu0.20.04.1",
"101.0.1+build1-0ubuntu0.20.04.1",
"102.0+build2-0ubuntu0.20.04.1",
"103.0+build1-0ubuntu0.20.04.1",
"104.0+build3-0ubuntu0.20.04.1",
"105.0+build2-0ubuntu0.20.04.1",
"106.0.2+build1-0ubuntu0.20.04.1",
"106.0.5+build1-0ubuntu0.20.04.1",
"107.0+build2-0ubuntu0.20.04.1",
"108.0+build2-0ubuntu0.20.04.1",
"108.0.1+build1-0ubuntu0.20.04.1",
"108.0.2+build1-0ubuntu0.20.04.1",
"109.0+build2-0ubuntu0.20.04.1",
"109.0.1+build1-0ubuntu0.20.04.2",
"110.0+build3-0ubuntu0.20.04.1",
"110.0.1+build2-0ubuntu0.20.04.1",
"111.0+build2-0ubuntu0.20.04.1",
"111.0.1+build2-0ubuntu0.20.04.1",
"112.0+build2-0ubuntu0.20.04.1",
"112.0.1+build1-0ubuntu0.20.04.1",
"112.0.2+build1-0ubuntu0.20.04.1",
"113.0+build2-0ubuntu0.20.04.1",
"113.0.1+build1-0ubuntu0.20.04.1",
"113.0.2+build1-0ubuntu0.20.04.1",
"114.0+build3-0ubuntu0.20.04.1",
"114.0.1+build1-0ubuntu0.20.04.1",
"114.0.2+build1-0ubuntu0.20.04.1",
"115.0+build2-0ubuntu0.20.04.3",
"115.0.2+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0",
"binary_version": "102.15.1-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.11.0-0ubuntu0.22.04.1",
"102.12.0-0ubuntu0.22.04.1",
"102.13.0-0ubuntu0.22.04.1",
"102.15.1-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-91-0",
"binary_version": "91.10.0-0ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs91",
"purl": "pkg:deb/ubuntu/mozjs91@91.10.0-0ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"91.5.1-0ubuntu1",
"91.6.0-1",
"91.6.0-2",
"91.7.0-2",
"91.10.0-0ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0t64",
"binary_version": "102.15.1-3ubuntu2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-3ubuntu2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.15.1-1",
"102.15.1-3ubuntu2"
]
}
],
"aliases": [],
"details": "A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox \u003c 116, Firefox ESR \u003c 115.2, and Thunderbird \u003c 115.2.",
"id": "UBUNTU-CVE-2023-4051",
"modified": "2026-04-22T07:45:04Z",
"published": "2023-08-01T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-4051"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1821884"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-29/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6267-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4051"
}
],
"related": [
"USN-6267-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2023-4051"
]
}
ubuntu-cve-2023-4053
Vulnerability from osv_ubuntu
A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "116.0+build2-0ubuntu0.20.04.2"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "116.0+build2-0ubuntu0.20.04.2"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "116.0+build2-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@116.0+build2-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "116.0+build2-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1",
"87.0+build3-0ubuntu0.20.04.2",
"88.0+build2-0ubuntu0.20.04.1",
"88.0.1+build1-0ubuntu0.20.04.2",
"89.0+build2-0ubuntu0.20.04.2",
"89.0.1+build1-0ubuntu0.20.04.1",
"89.0.2+build1-0ubuntu0.20.04.1",
"90.0+build1-0ubuntu0.20.04.1",
"90.0.2+build1-0ubuntu0.20.04.1",
"91.0+build2-0ubuntu0.20.04.1",
"91.0.1+build1-0ubuntu0.20.04.1",
"91.0.2+build1-0ubuntu0.20.04.1",
"92.0+build3-0ubuntu0.20.04.1",
"93.0+build1-0ubuntu0.20.04.1",
"94.0+build3-0ubuntu0.20.04.1",
"95.0+build1-0ubuntu0.20.04.1",
"95.0.1+build2-0ubuntu0.20.04.1",
"96.0+build2-0ubuntu0.20.04.1",
"97.0+build2-0ubuntu0.20.04.1",
"97.0.2+build1-0ubuntu0.20.04.1",
"98.0+build3-0ubuntu0.20.04.2",
"98.0.1+build2-0ubuntu0.20.04.1",
"98.0.2+build1-0ubuntu0.20.04.1",
"99.0+build2-0ubuntu0.20.04.2",
"100.0+build2-0ubuntu0.20.04.1",
"100.0.2+build1-0ubuntu0.20.04.1",
"101.0.1+build1-0ubuntu0.20.04.1",
"102.0+build2-0ubuntu0.20.04.1",
"103.0+build1-0ubuntu0.20.04.1",
"104.0+build3-0ubuntu0.20.04.1",
"105.0+build2-0ubuntu0.20.04.1",
"106.0.2+build1-0ubuntu0.20.04.1",
"106.0.5+build1-0ubuntu0.20.04.1",
"107.0+build2-0ubuntu0.20.04.1",
"108.0+build2-0ubuntu0.20.04.1",
"108.0.1+build1-0ubuntu0.20.04.1",
"108.0.2+build1-0ubuntu0.20.04.1",
"109.0+build2-0ubuntu0.20.04.1",
"109.0.1+build1-0ubuntu0.20.04.2",
"110.0+build3-0ubuntu0.20.04.1",
"110.0.1+build2-0ubuntu0.20.04.1",
"111.0+build2-0ubuntu0.20.04.1",
"111.0.1+build2-0ubuntu0.20.04.1",
"112.0+build2-0ubuntu0.20.04.1",
"112.0.1+build1-0ubuntu0.20.04.1",
"112.0.2+build1-0ubuntu0.20.04.1",
"113.0+build2-0ubuntu0.20.04.1",
"113.0.1+build1-0ubuntu0.20.04.1",
"113.0.2+build1-0ubuntu0.20.04.1",
"114.0+build3-0ubuntu0.20.04.1",
"114.0.1+build1-0ubuntu0.20.04.1",
"114.0.2+build1-0ubuntu0.20.04.1",
"115.0+build2-0ubuntu0.20.04.3",
"115.0.2+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0",
"binary_version": "102.15.1-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.11.0-0ubuntu0.22.04.1",
"102.12.0-0ubuntu0.22.04.1",
"102.13.0-0ubuntu0.22.04.1",
"102.15.1-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-91-0",
"binary_version": "91.10.0-0ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs91",
"purl": "pkg:deb/ubuntu/mozjs91@91.10.0-0ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"91.5.1-0ubuntu1",
"91.6.0-1",
"91.6.0-2",
"91.7.0-2",
"91.10.0-0ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0t64",
"binary_version": "102.15.1-3ubuntu2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-3ubuntu2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.15.1-1",
"102.15.1-3ubuntu2"
]
}
],
"aliases": [],
"details": "A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox \u003c 116, Firefox ESR \u003c 115.2, and Thunderbird \u003c 115.2.",
"id": "UBUNTU-CVE-2023-4053",
"modified": "2026-04-22T07:45:04Z",
"published": "2023-08-01T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-4053"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1839079"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-29/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6267-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4053"
}
],
"related": [
"USN-6267-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2023-4053"
]
}
ubuntu-cve-2023-4055
Vulnerability from osv_ubuntu
When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
| URL | Type | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:102.15.0+build1-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:102.15.0+build1-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1",
"1:78.11.0+build1-0ubuntu0.20.04.2",
"1:78.13.0+build1-0ubuntu0.20.04.2",
"1:78.14.0+build1-0ubuntu0.20.04.1",
"1:78.14.0+build1-0ubuntu0.20.04.2",
"1:91.5.0+build1-0ubuntu0.20.04.1",
"1:91.7.0+build2-0ubuntu0.20.04.1",
"1:91.8.1+build1-0ubuntu0.20.04.1",
"1:91.9.1+build1-0ubuntu0.20.04.1",
"1:91.11.0+build2-0ubuntu0.20.04.1",
"1:102.2.2+build1-0ubuntu0.20.04.1",
"1:102.4.2+build2-0ubuntu0.20.04.1",
"1:102.7.1+build2-0ubuntu0.20.04.1",
"1:102.8.0+build2-0ubuntu0.20.04.1",
"1:102.9.0+build1-0ubuntu0.20.04.1",
"1:102.10.0+build2-0ubuntu0.20.04.1",
"1:102.11.0+build1-0ubuntu0.20.04.1",
"1:102.13.0+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0",
"binary_version": "102.15.1-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.11.0-0ubuntu0.22.04.1",
"102.12.0-0ubuntu0.22.04.1",
"102.13.0-0ubuntu0.22.04.1",
"102.15.1-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-91-0",
"binary_version": "91.10.0-0ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs91",
"purl": "pkg:deb/ubuntu/mozjs91@91.10.0-0ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"91.5.1-0ubuntu1",
"91.6.0-1",
"91.6.0-2",
"91.7.0-2",
"91.10.0-0ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:102.15.0+build1-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:102.15.0+build1-0ubuntu0.22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:91.1.2+build1-0ubuntu1",
"1:91.3.0+build2-0ubuntu1",
"1:91.3.1+build1-0ubuntu1",
"1:91.3.2+build1-0ubuntu1",
"1:91.4.0+build1.1-0ubuntu1",
"1:91.4.0+build2-0ubuntu1",
"1:91.5.0+build1-0ubuntu1",
"1:91.5.1+build1-0ubuntu1",
"1:91.6.1+build1-0ubuntu1",
"1:91.7.0+build1-0ubuntu1",
"1:91.7.0+build2-0ubuntu1",
"1:91.8.0+build2-0ubuntu1",
"1:91.9.1+build1-0ubuntu0.22.04.1",
"1:91.11.0+build2-0ubuntu0.22.04.1",
"1:102.2.2+build1-0ubuntu0.22.04.1",
"1:102.4.2+build2-0ubuntu0.22.04.1",
"1:102.7.1+build2-0ubuntu0.22.04.1",
"1:102.8.0+build2-0ubuntu0.22.04.1",
"1:102.9.0+build1-0ubuntu0.22.04.1",
"1:102.10.0+build2-0ubuntu0.22.04.1",
"1:102.11.0+build1-0ubuntu0.22.04.1",
"1:102.13.0+build1-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0t64",
"binary_version": "102.15.1-3ubuntu2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-3ubuntu2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.15.1-1",
"102.15.1-3ubuntu2"
]
}
],
"aliases": [],
"details": "When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox \u003c 116, Firefox ESR \u003c 102.14, and Firefox ESR \u003c 115.1.",
"id": "UBUNTU-CVE-2023-4055",
"modified": "2026-04-22T07:45:04Z",
"published": "2023-08-02T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-4055"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4055"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4055"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4055"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-30/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-31/"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1782561"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-29/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6267-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6333-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4055"
}
],
"related": [
"USN-6267-1",
"USN-6333-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2023-4055"
]
}
ubuntu-cve-2023-4056
Vulnerability from osv_ubuntu
Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
| URL | Type | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:102.15.0+build1-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:102.15.0+build1-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:102.15.0+build1-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1",
"1:78.11.0+build1-0ubuntu0.20.04.2",
"1:78.13.0+build1-0ubuntu0.20.04.2",
"1:78.14.0+build1-0ubuntu0.20.04.1",
"1:78.14.0+build1-0ubuntu0.20.04.2",
"1:91.5.0+build1-0ubuntu0.20.04.1",
"1:91.7.0+build2-0ubuntu0.20.04.1",
"1:91.8.1+build1-0ubuntu0.20.04.1",
"1:91.9.1+build1-0ubuntu0.20.04.1",
"1:91.11.0+build2-0ubuntu0.20.04.1",
"1:102.2.2+build1-0ubuntu0.20.04.1",
"1:102.4.2+build2-0ubuntu0.20.04.1",
"1:102.7.1+build2-0ubuntu0.20.04.1",
"1:102.8.0+build2-0ubuntu0.20.04.1",
"1:102.9.0+build1-0ubuntu0.20.04.1",
"1:102.10.0+build2-0ubuntu0.20.04.1",
"1:102.11.0+build1-0ubuntu0.20.04.1",
"1:102.13.0+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0",
"binary_version": "102.15.1-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.11.0-0ubuntu0.22.04.1",
"102.12.0-0ubuntu0.22.04.1",
"102.13.0-0ubuntu0.22.04.1",
"102.15.1-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-91-0",
"binary_version": "91.10.0-0ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs91",
"purl": "pkg:deb/ubuntu/mozjs91@91.10.0-0ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"91.5.1-0ubuntu1",
"91.6.0-1",
"91.6.0-2",
"91.7.0-2",
"91.10.0-0ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:102.15.0+build1-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:102.15.0+build1-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:102.15.0+build1-0ubuntu0.22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:91.1.2+build1-0ubuntu1",
"1:91.3.0+build2-0ubuntu1",
"1:91.3.1+build1-0ubuntu1",
"1:91.3.2+build1-0ubuntu1",
"1:91.4.0+build1.1-0ubuntu1",
"1:91.4.0+build2-0ubuntu1",
"1:91.5.0+build1-0ubuntu1",
"1:91.5.1+build1-0ubuntu1",
"1:91.6.1+build1-0ubuntu1",
"1:91.7.0+build1-0ubuntu1",
"1:91.7.0+build2-0ubuntu1",
"1:91.8.0+build2-0ubuntu1",
"1:91.9.1+build1-0ubuntu0.22.04.1",
"1:91.11.0+build2-0ubuntu0.22.04.1",
"1:102.2.2+build1-0ubuntu0.22.04.1",
"1:102.4.2+build2-0ubuntu0.22.04.1",
"1:102.7.1+build2-0ubuntu0.22.04.1",
"1:102.8.0+build2-0ubuntu0.22.04.1",
"1:102.9.0+build1-0ubuntu0.22.04.1",
"1:102.10.0+build2-0ubuntu0.22.04.1",
"1:102.11.0+build1-0ubuntu0.22.04.1",
"1:102.13.0+build1-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0t64",
"binary_version": "102.15.1-3ubuntu2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-3ubuntu2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.15.1-1",
"102.15.1-3ubuntu2"
]
}
],
"aliases": [],
"details": "Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 116, Firefox ESR \u003c 102.14, and Firefox ESR \u003c 115.1.",
"id": "UBUNTU-CVE-2023-4056",
"modified": "2026-04-22T07:45:04Z",
"published": "2023-08-02T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-4056"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4056"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4056"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4056"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1820587%2C1824634%2C1839235%2C1842325%2C1843847"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-30/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-31/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-29/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6267-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6333-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4056"
}
],
"related": [
"USN-6267-1",
"USN-6333-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2023-4056"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.