{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-0767", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "dateUpdated": "2024-08-02T05:24:34.139Z", "dateReserved": "2023-02-09T00:00:00", "datePublished": "2023-06-02T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2023-07-23T00:00:00"}, "descriptions": [{"lang": "en", "value": "An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8."}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"version": "unspecified", "lessThan": "110", "status": "affected", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"version": "unspecified", "lessThan": "102.8", "status": "affected", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Firefox ESR", "versions": [{"version": "unspecified", "lessThan": "102.8", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://www.mozilla.org/security/advisories/mfsa2023-06/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-05/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-07/"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1804640"}, {"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-1992.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Arbitrary memory write via PKCS 12 in NSS"}]}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20230324-0008/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-06/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-05/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-07/", "tags": ["x_transferred"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1804640", "tags": ["x_transferred"]}, {"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-1992.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:24:34.139Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "811EBB2F-0FAA-49DB-8B16-99341814C3D1", "versionEndExcluding": "110.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "731649BC-CBBC-4423-93E1-577EF7A17DBD", "versionEndExcluding": "102.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7ED1B02-7653-4441-B4F4-980A86C4F170", "versionEndExcluding": "102.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8."}], "id": "CVE-2023-0767", "lastModified": "2023-08-02T16:45:30.943", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-06-02T17:15:10.440", "references": [{"source": "security@mozilla.org", "tags": ["Product"], "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-1992.html"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1804640"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler as the original reporter.", "affected_release": [{"advisory": "RHSA-2023:1366", "cpe": "cpe:/o:redhat:rhel_els:6", "package": "nss-0:3.44.0-13.el6_10", "product_name": "Red Hat Enterprise Linux 6 Extended Lifecycle Support", "release_date": "2023-03-21T00:00:00Z"}, {"advisory": "RHSA-2023:1332", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "nss-0:3.79.0-5.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2023-03-20T00:00:00Z"}, {"advisory": "RHSA-2023:1252", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "nss-0:3.79.0-11.el8_7", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-03-15T00:00:00Z"}, {"advisory": "RHSA-2023:1436", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "nss-0:3.44.0-11.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2023-03-23T00:00:00Z"}, {"advisory": "RHSA-2023:1442", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "thunderbird-0:102.9.0-2.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2023-03-23T00:00:00Z"}, {"advisory": "RHSA-2023:1479", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "firefox-0:102.9.0-4.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2023-03-27T00:00:00Z"}, {"advisory": "RHSA-2023:1406", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "nss-0:3.53.1-13.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2023-03-22T00:00:00Z"}, {"advisory": "RHSA-2023:1443", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "thunderbird-0:102.9.0-2.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2023-03-23T00:00:00Z"}, {"advisory": "RHSA-2023:1445", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "firefox-0:102.9.0-4.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2023-03-23T00:00:00Z"}, {"advisory": "RHSA-2023:1406", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "nss-0:3.53.1-13.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2023-03-22T00:00:00Z"}, {"advisory": "RHSA-2023:1443", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "thunderbird-0:102.9.0-2.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2023-03-23T00:00:00Z"}, {"advisory": "RHSA-2023:1445", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "firefox-0:102.9.0-4.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2023-03-23T00:00:00Z"}, {"advisory": "RHSA-2023:1406", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "nss-0:3.53.1-13.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2023-03-22T00:00:00Z"}, {"advisory": "RHSA-2023:1443", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "thunderbird-0:102.9.0-2.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2023-03-23T00:00:00Z"}, {"advisory": "RHSA-2023:1445", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "firefox-0:102.9.0-4.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2023-03-23T00:00:00Z"}, {"advisory": "RHSA-2023:1370", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "nss-0:3.67.0-8.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2023-03-21T00:00:00Z"}, {"advisory": "RHSA-2023:1444", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "firefox-0:102.9.0-4.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2023-03-23T00:00:00Z"}, {"advisory": "RHSA-2023:1472", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "thunderbird-0:102.9.0-2.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2023-03-27T00:00:00Z"}, {"advisory": "RHSA-2023:1369", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "nss-0:3.79.0-11.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-03-21T00:00:00Z"}, {"advisory": "RHSA-2023:1368", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "nss-0:3.79.0-17.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-03-21T00:00:00Z"}, {"advisory": "RHSA-2023:1365", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "nss-0:3.79.0-17.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2023-03-21T00:00:00Z"}, {"advisory": "RHSA-2023:1677", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "redhat-virtualization-host-0:4.5.3-202304051438_8.6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2023-04-10T00:00:00Z"}], "bugzilla": {"description": "nss: Arbitrary memory write via PKCS 12", "id": "2170377", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170377"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-119", "details": ["An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.", "The Mozilla Foundation Security Advisory describes this flaw as:\nAn attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled."], "name": "CVE-2023-0767", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-02-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-0767\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-0767\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-0767\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-0767"], "statement": "Firefox and Thunderbird in Red Hat Enterprise Linux 8.6 and later are not affected by this vulnerability, as they use the system NSS library. Firefox and Thunderbird in earlier Red Hat Enterprise Linux 8 extended life streams were affected, and should be updated to fixed versions as they become available.", "threat_severity": "Important", "upstream_fix": "nss 3.88.1, nss 3.79.4, thunderbird 102.8, firefox 102.8"}