CVE-2023-0767

Published: 15 February 2023

Arbitrary memory write via PKCS 12 in NSS

Notes

Author	Note
tyhicks	mozjs contains a copy of the SpiderMonkey JavaScript engine
mdeslaur	starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap

Priority

Status

Package	Release	Status
firefox Launchpad, Ubuntu, Debian	bionic	Released (110.0+build3-0ubuntu0.18.04.1)
	focal	Released (110.0+build3-0ubuntu0.20.04.1)
	jammy	Needs triage
	kinetic	Needs triage
	trusty	Ignored (out of standard support)
	upstream	Released (110.0-1)
	xenial	Needs triage
mozjs38 Launchpad, Ubuntu, Debian	bionic	Needs triage
	focal	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
mozjs52 Launchpad, Ubuntu, Debian	bionic	Needs triage
	focal	Needs triage
	jammy	Does not exist
	kinetic	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
mozjs68 Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Needs triage
	jammy	Does not exist
	kinetic	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
mozjs78 Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Does not exist
	jammy	Needs triage
	kinetic	Needs triage
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
mozjs91 Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Does not exist
	jammy	Needs triage
	kinetic	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
nss Launchpad, Ubuntu, Debian	bionic	Released (2:3.35-2ubuntu2.16)
	focal	Released (2:3.49.1-1ubuntu1.9)
	jammy	Released (2:3.68.2-0ubuntu1.2)
	kinetic	Released (2:3.82-1ubuntu0.1)
	trusty	Released (2:3.28.4-0ubuntu0.14.04.5+esm12)
	upstream	Released (2:3.87.1-1)
	xenial	Released (2:3.28.4-0ubuntu0.16.04.14+esm4)
	Patches: upstream: https://hg.mozilla.org/projects/nss/rev/684586ec163ad4fbbf15ea2cd1ee5c2da43036ad (3.88) upstream: https://hg.mozilla.org/projects/nss/rev/62f6b3e9024dd72ba3af9ce23848d7573b934f18 (3.87) upstream: https://hg.mozilla.org/projects/nss/rev/57c60a4da16503b7827ccd763354faf151514b57 (3.79)
thunderbird Launchpad, Ubuntu, Debian	bionic	Released (1:102.8.0+build2-0ubuntu0.18.04.1)
	focal	Released (1:102.8.0+build2-0ubuntu0.20.04.1)
	jammy	Released (1:102.8.0+build2-0ubuntu0.22.04.1)
	kinetic	Released (1:102.8.0+build2-0ubuntu0.22.10.1)
	trusty	Ignored (out of standard support)
	upstream	Needs triage
	xenial	Needed

References

Bugs

https://bugzilla.mozilla.org/show_bug.cgi?id=1804640 (private)

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2023-0767

Notes

Priority

Status

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading