We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

当サイトはユーザー体験を改善するためのメンテナンスを実施中に機能が制限される予定です。記事を読んでもあなたの問題が解決せず質問をしたい場合は、Twitter の @FirefoxSupport、Reddit の /r/firefox で、サポートコミュニティが皆さんを助けようと待機しています。

Mozilla サポートの検索

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

詳しく学ぶ

このスレッドはアーカイブに保管されました。 必要であれば新たに質問してください。

Affected Firefox ESR versions for CVE-2023-3600

  • 5 件の返信
  • 0 人がこの問題に困っています
  • 1 回表示
  • 最後の返信者: zeroknight

more options

We're currently using Firefox ESR 102.x and our VA software is reporting vulnerability issues with CVE-2023-3600 with says:

During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1.

Based on the scan report, my understanding is that this ONLY applies to ESR Builds of 115.x and not with ESR 102.x release.

does it mean that this CVE also affects our 102.x version?

Thanks!

We're currently using Firefox ESR 102.x and our VA software is reporting vulnerability issues with CVE-2023-3600 with says: During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1. Based on the scan report, my understanding is that this ONLY applies to ESR Builds of 115.x and not with ESR 102.x release. does it mean that this CVE also affects our 102.x version? Thanks!

すべての返信 (5)

more options

https://www.mozilla.org/security/advisories/mfsa2023-26/ CVE-2023-3600: Use-after-free in workers Fixed in Firefox 115.0.2 Firefox ESR 115.0.2

Firefox 115.0.2 is a older Fx 115 ESR version as there has since been 115.0.3, 115.1.0, 115.2.0 https://www.mozilla.org/firefox/releases/

Firefox 102 ESR was based on the Firefox 102.0 Release. Note the Fx 102.15.0 ESR was the last major update for this old ESR branch though there may be minor updates for security and or stability fixes if warranted, though it is considered EOL. Firefox 117.0 and 115.2.0 ESR are the current versions.

Security Advisories for Firefox https://www.mozilla.org/security/known-vulnerabilities/firefox/

Security Advisories for Firefox ESR https://www.mozilla.org/security/known-vulnerabilities/firefox-esr/

この投稿は James により に変更されました

more options

So does this mean that 102 is different app/build from 115 and 102 is not affected by this CVE??

Thanks!

more options

Perhaps not by this one however the old Fx 102 ESR branch is EOL now with Firefox 117.0 and 1152.0 ESR the current versions.

Its possible the old EOL Fx 102 ESR branch is currently vulnerable to some things that has since been fixed in newer versions.

more options

James, Thanks for your response.

Can you help to get a proof that 102.x is not impacted by this CVE or at least a confirmation from Firefox. thanks!

more options

The code modified in the fix appears to have been added in 113 and does not exist in 102esr.