CVE-2023-29536

Publication date 12 April 2023

Last updated 26 August 2025

Ubuntu priority

Cvss 3 Severity Score

An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status

Notes

tyhicks

mozjs contains a copy of the SpiderMonkey JavaScript engine

mdeslaur

starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap

Severity score breakdown

Parameter	Value
Base score	8.8 · High
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

Related Ubuntu Security Notices (USN)

USN-6010-1
Firefox vulnerabilities
12 April 2023

USN-6015-1
Thunderbird vulnerabilities
13 April 2023

USN-6120-1
SpiderMonkey vulnerabilities
30 May 2023