Login Sign Up

CVE-2023-0767

8.8 HIGH
Remote Code Execution

📋 TL;DR

This vulnerability allows an attacker to craft a malicious PKCS 12 certificate bundle that triggers arbitrary memory writes when processed by affected applications. It affects Firefox versions below 110, Thunderbird below 102.8, and Firefox ESR below 102.8, potentially leading to remote code execution.

💻 Affected Systems

Products:
  • Firefox
  • Thunderbird
  • Firefox ESR
Versions: Firefox < 110, Thunderbird < 102.8, Firefox ESR < 102.8
Operating Systems: All platforms supported by affected applications
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when processing PKCS 12 certificate bundles, which may occur during certificate import or SSL/TLS operations.

📦 What is this software?

Firefox by Mozilla

View all CVEs affecting Firefox →

Firefox Esr by Mozilla

View all CVEs affecting Firefox Esr →

Thunderbird by Mozilla

View all CVEs affecting Thunderbird →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the privileges of the application, potentially leading to full system compromise.

🟠

Likely Case

Application crash (denial of service) or limited memory corruption leading to information disclosure.

🟢

If Mitigated

No impact if patched versions are used or if PKCS 12 bundles from untrusted sources are blocked.

🌐 Internet-Facing: HIGH - Web browsers and email clients frequently process external content.
🏢 Internal Only: MEDIUM - Internal users could be targeted via malicious emails or internal web pages.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires the victim to process a malicious PKCS 12 bundle, which could be delivered via websites, emails, or other vectors.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 110+, Thunderbird 102.8+, Firefox ESR 102.8+

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2023-05/

Restart Required: Yes

Instructions:

1. Open the affected application. 2. Go to Help > About Firefox/Thunderbird. 3. Allow the application to check for and install updates. 4. Restart the application when prompted.

🔧 Temporary Workarounds

Block PKCS 12 imports

all

Prevent users from importing PKCS 12 certificate bundles via policy or configuration.

🧯 If You Can't Patch

  • Restrict access to untrusted websites and email attachments that may contain malicious certificates.
  • Implement application whitelisting to prevent execution of compromised browser processes.

🔍 How to Verify

Check if Vulnerable:

Check the application version in Help > About Firefox/Thunderbird.

Check Version:

firefox --version or thunderbird --version on Linux/macOS

Verify Fix Applied:

Confirm the version is Firefox 110+, Thunderbird 102.8+, or Firefox ESR 102.8+.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with memory corruption signatures
  • Failed certificate import attempts

Network Indicators:

  • Unusual certificate downloads or imports from untrusted sources

SIEM Query:

source="firefox.log" AND (event="crash" OR event="certificate_import_error")

📊 Metadata

CVE ID: CVE-2023-0767
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Published: June 2, 2023
Last Updated: May 5, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON