Avatar for Username

Zoeken in Support

Vermijd ondersteuningsscams. We zullen u nooit vragen een telefoonnummer te bellen, er een sms naar te sturen of persoonlijke gegevens te delen. Meld verdachte activiteit met de optie ‘Misbruik melden’.

Learn More

Deze conversatie is gearchiveerd. Stel een nieuwe vraag als u hulp nodig hebt.

CVE-2023-3600

  • 5 antwoorden
  • 0 hebben dit probleem
  • 45 weergaven
  • Laatste antwoord van goku

sbasic
sbasic
more options

Hi,

regarding vulnerability CVE-2023-3600 when I check advisories it says that version below 115.0.2 ESR are affected. Does that mean that only 115.x versions are affected or all versions are affected like 102.x ?

Regards

Hi, regarding vulnerability CVE-2023-3600 when I check advisories it says that version below 115.0.2 ESR are affected. Does that mean that only 115.x versions are affected or all versions are affected like 102.x ? Regards

Alle antwoorden (5)

James
James
  • Top 25 Contributor
  • Moderator
more options

Firefox ESR versions https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/

Firefox Release https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/

https://www.mozilla.org/en-US/security/advisories/mfsa2023-26/ Says CVE-2023-3600: Use-after-free in workers was fixed in Firefox 115.0.2 Firefox ESR 115.0.2. They would have ported the fix to 102 ESR if it was found vulnerable to this also.

The old Fx 102 ESR channel is coming to an end as 102.15.0 ESR will be the last major update for it.

Bewerkt door James op

sbasic
sbasic Vraageigenaar
more options

ok. thanks. So you are saying that this vulnerability exists also in v102, not just in v115 ?

goku
goku
more options

is firefox esr 102 affected by CVE-2023-3600?

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

The code that was changed doesn't appear to be present in 102 ESR if I search the HG website, so the 102 ESR branch is likely not affected.

goku
goku
more options

thanks cor-el, can you pls share the link? thanks