=====================================================================

                               CERT-Renater

                     Note d'Information No. 2023/VULN361

_____________________________________________________________________

DATE                : 28/09/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Thunderbird versions prior to
                                       115.3.

=====================================================================
https://www.mozilla.org/en-US/security/advisories/mfsa2023-43/
_____________________________________________________________________


Mozilla Foundation Security Advisory 2023-43
Security Vulnerabilities fixed in Thunderbird 115.3

Announced
     September 26, 2023
Impact
     high
Products
     Thunderbird
Fixed in
         Thunderbird 115.3


In general, these flaws cannot be exploited through email in the 
Thunderbird product because scripting is disabled when reading mail, but 
are potentially risks in browser or browser-like contexts.
#CVE-2023-5168: Out-of-bounds write in FilterNodeD2D1

Reporter
     sonakkbi
Impact
     high

Description

A compromised content process could have provided malicious data to 
FilterNodeD2D1 resulting in an out-of-bounds write, leading to a 
potentially exploitable crash in a privileged process.
This bug only affects Firefox on Windows. Other operating systems are 
unaffected.
References

     Bug 1846683


#CVE-2023-5169: Out-of-bounds write in PathOps

Reporter
     sonakkbi
Impact
     high

Description

A compromised content process could have provided malicious data in a 
PathRecording resulting in an out-of-bounds write, leading to a 
potentially exploitable crash in a privileged process.
References

     Bug 1846685


#CVE-2023-5171: Use-after-free in Ion Compiler

Reporter
     Lukas Bernhard
Impact
     high

Description

During Ion compilation, a Garbage Collection could have resulted in a 
use-after-free condition, allowing an attacker to write two NUL bytes, 
and cause a potentially exploitable crash.
References

     Bug 1851599


#CVE-2023-5174: Double-free in process spawning on Windows

Reporter
     Ronald Crane
Impact
     moderate

Description

If Windows failed to duplicate a handle during process creation, the 
sandbox code may have inadvertently freed a pointer twice, resulting in 
a use-after-free and a potentially exploitable crash.
This bug only affects Firefox on Windows when run in non-standard 
configurations (such as using runas). Other operating systems are 
unaffected.
References

     Bug 1848454


#CVE-2023-5176: Memory safety bugs fixed in Firefox 118, Firefox ESR 
115.3, and Thunderbird 115.3

Reporter
     Chris Peterson, Andrew McCreight, André Bargull, Nika Layzell and 
the Mozilla Fuzzing Team
Impact
     high

Description

Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and 
Thunderbird 115.2. Some of these bugs showed evidence of memory 
corruption and we presume that with enough effort some of these could 
have been exploited to run arbitrary code.
References

     Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and 
Thunderbird 115.3


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================