CVE-2023-37211

8.8 HIGH

📋 TL;DR

Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption, and Mozilla presumes that with enough effort some of them could be exploited to run arbitrary code. The trigger is attacker-controlled content (a web page, or a message rendered by Thunderbird), so every user of an affected version is exposed.

💻 Affected Systems

Products:
  • Firefox
  • Firefox ESR
  • Thunderbird
Versions: Firefox < 115, Firefox ESR < 102.13, Thunderbird < 102.13
Operating Systems: All platforms where affected versions run
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. No special configuration required for exploitation.

📦 What is this software?

Firefox is Mozilla's web browser; Firefox ESR is its Extended Support Release line, used by enterprises and Linux distributions that want fewer feature changes between updates. Thunderbird is Mozilla's email and calendar client. All three share the Gecko rendering engine, which is why the same memory safety bugs are fixed across all three products in one advisory.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution allowing attackers to take complete control of the affected system.

🟠

Likely Case

Application crashes or instability, with potential for limited code execution in targeted attacks.

🟢

If Mitigated

No impact if patched versions are deployed or if applications are not used for untrusted content.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: No (none known at time of writing)
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: HIGH (to build a reliable exploit; the CVSS 8.8 vector scores attack complexity as Low because the victim only needs to load attacker-controlled content)

Memory corruption bugs of this class require significant effort to turn into a reliable exploit, but the delivery path is trivial: a crafted web page, an ad or iframe on an otherwise benign site, or an HTML email rendered by Thunderbird. Mozilla's own wording is that some of these bugs showed evidence of memory corruption and could presumably be exploited with enough effort.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 115+, Firefox ESR 102.13+, Thunderbird 102.13+

Vendor Advisory: https://bugzilla.mozilla.org/buglist.cgi?bug_id=1832306%2C1834862%2C1835886%2C1836550%2C1837450

Restart Required: Yes

Instructions:

1. Open the affected application.
2. Go to Help > About Firefox (or Help > About Thunderbird).
3. Allow the application to check for and install updates.
4. Restart the application when prompted.

On Linux, builds installed from a distribution repository are updated through the package manager (the in-app updater is usually disabled there); Firefox ESR is often packaged as firefox-esr. Managed fleets should verify the version after the update rather than assume the updater ran.

🔧 Temporary Workarounds

Disable JavaScript (Platform: all)

Temporarily disable JavaScript to reduce attack surface while waiting for the patch. Caveat: this is partial. Many memory safety bugs in Gecko are reachable through JavaScript, but others sit in parsers for HTML, CSS, images, fonts or media and trigger without any script. Thunderbird already does not run JavaScript in message content, so this workaround adds nothing there; the exposure in Thunderbird is the rendering of attacker-supplied HTML and attachments.

Use alternative browser (Platform: all)

Switch to a different, fully updated browser until patches can be applied. This does nothing for Thunderbird users, who should update or avoid opening mail from untrusted senders in the meantime.

🧯 If You Can't Patch

  • Restrict access to untrusted websites and email content (web proxy allow-lists, plain-text rendering of mail, blocking remote content in messages)
  • Implement application allow-listing to limit what a post-exploitation payload can run. This does not stop code executing inside the browser process itself; it limits the attacker's next step (dropping and launching a second-stage binary).
  • Leave the built-in process sandbox and site isolation at their defaults (enabled); exploiting a content-process bug still requires a sandbox escape before the attacker reaches the rest of the system.

🔍 How to Verify

Check if Vulnerable:

Check the application version in Help > About Firefox/Thunderbird (or about:support in Firefox). ESR builds display their version with an 'esr' suffix, e.g. 102.12.0esr.

Check Version:

firefox --version or thunderbird --version

On Linux distribution packages the ESR binary may be named firefox-esr. On Windows, read the version from the About dialog or from the file properties of firefox.exe.

Verify Fix Applied:

Confirm the version is Firefox 115 or later, Firefox ESR 102.13 or later (115.0esr and later also contain the fix), or Thunderbird 102.13 or later. Compare numerically, not as strings: 102.13 is newer than 102.9.
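A script that automates the version comparison above, added here as an example (it is not Mozilla's tooling). It assumes the `--version` output formats `Mozilla Firefox 114.0.2`, `Mozilla Firefox 102.12.0esr` and `Thunderbird 102.12.0`, which is what Linux and macOS builds print; the binary names `firefox`, `firefox-esr` and `thunderbird` on PATH are likewise assumptions about the host:

```python
import re
import shutil
import subprocess

# Fixed versions from the advisory: Firefox 115, Firefox ESR 102.13, Thunderbird 102.13.
FIXED = {
    "firefox": (115, 0, 0),
    "firefox-esr": (102, 13, 0),
    "thunderbird": (102, 13, 0),
}

# Assumed output shapes: "Mozilla Firefox 114.0.2", "Mozilla Firefox 102.12.0esr",
# "Thunderbird 102.12.0". The optional "esr" suffix is what separates the ESR line.
_VERSION_RE = re.compile(
    r"(?P<product>Firefox|Thunderbird)\s+(?P<ver>\d+(?:\.\d+)*)(?P<esr>esr)?",
    re.IGNORECASE,
)


def parse_version_line(line):
    """Parse one `--version` line into (product_key, (major, minor, patch)).

    Returns None if the line is not recognised. Missing components are padded
    with zeros so that "115.0" and "115.0.0" compare equal.
    """
    m = _VERSION_RE.search(line)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group("ver").split("."))
    parts = (parts + (0, 0, 0))[:3]
    product = m.group("product").lower()
    if product == "firefox" and m.group("esr"):
        product = "firefox-esr"
    return product, parts


def is_vulnerable(line):
    """True if the version string describes a build affected by CVE-2023-37211."""
    parsed = parse_version_line(line)
    if parsed is None:
        raise ValueError(f"unrecognised version string: {line!r}")
    product, ver = parsed
    # Tuple comparison is numeric per component, so 102.13 > 102.9 as required.
    return ver < FIXED[product]


def check_installed(binary):
    """Run `<binary> --version`; returns (output, vulnerable) or None if not on PATH."""
    path = shutil.which(binary)
    if path is None:
        return None
    out = subprocess.run(
        [path, "--version"], capture_output=True, text=True, timeout=30
    ).stdout.strip()
    return out, is_vulnerable(out)


if __name__ == "__main__":
    for binary in ("firefox", "firefox-esr", "thunderbird"):
        result = check_installed(binary)
        if result is None:
            print(f"{binary}: not found on PATH")
        else:
            out, vuln = result
            print(f"{binary}: {out!r} -> {'VULNERABLE' if vuln else 'fixed'}")
```

Feed it the output of `firefox --version` collected by your inventory tool if you do not want to execute the browser on every host; `is_vulnerable()` only needs the string.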

📡 Detection & Monitoring

Log Indicators:

  • Application crash records for firefox/thunderbird processes (Windows Application log Event ID 1000, Linux coredumpctl or the journal, macOS crash reports), especially repeated crashes on one host
  • Memory access violation errors in those records (e.g. Windows exception code 0xc0000005)
  • Unexpected process termination

A successful exploit usually does not crash the browser; crashes mostly reveal failed or unreliable attempts. Treat them as triage leads, not proof of compromise.

Network Indicators:

  • Unusual outbound connections from browser processes
  • Suspicious download patterns

SIEM Query:

(source="firefox.log" OR source="thunderbird.log") AND (event="crash" OR event="segfault" OR event="memory_error")

The parentheses matter: in Splunk-style search AND binds tighter than OR, so the unparenthesised form matches every firefox.log event regardless of type. The source and field names are placeholders; Firefox and Thunderbird do not write a log file by these names. Point the search at the OS crash record for your platform instead (on Windows, Application log EventCode 1000 with a faulting application name of firefox.exe or thunderbird.exe) and alert on repeated crashes from one host.
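The triage logic described above, run over sample crash records, as an added example that is not part of the original advisory. The sample lines are constructed: they approximate the text of Windows Application log "Application Error" (Event ID 1000) records flattened to one line by a log forwarder, and the host names, timestamps and versions are made up. The exception codes are real NTSTATUS values:

```python
import re
from collections import defaultdict

# Constructed sample records; the one-line "ts host=... EventID=1000 ..." layout
# is an assumed forwarder format, not captured data.
SAMPLE_EVENTS = [
    "2023-07-05T09:12:44Z host=WS01 EventID=1000 Faulting application name: firefox.exe, version: 114.0.2.0, Faulting module name: xul.dll, Exception code: 0xc0000005",
    "2023-07-05T09:13:10Z host=WS01 EventID=1000 Faulting application name: firefox.exe, version: 114.0.2.0, Faulting module name: xul.dll, Exception code: 0xc0000005",
    "2023-07-05T09:13:51Z host=WS01 EventID=1000 Faulting application name: firefox.exe, version: 114.0.2.0, Faulting module name: xul.dll, Exception code: 0xc0000409",
    "2023-07-05T10:02:03Z host=WS02 EventID=1000 Faulting application name: thunderbird.exe, version: 102.12.0.0, Faulting module name: xul.dll, Exception code: 0xc0000005",
    "2023-07-05T10:30:00Z host=WS03 EventID=1000 Faulting application name: notepad.exe, version: 10.0.19041.1, Faulting module name: ntdll.dll, Exception code: 0xc0000005",
    "2023-07-05T11:00:00Z host=WS04 EventID=1000 Faulting application name: firefox.exe, version: 115.0.0.0, Faulting module name: xul.dll, Exception code: 0xc0000005",
]

MOZILLA_APPS = {"firefox.exe", "thunderbird.exe"}

# NTSTATUS codes that accompany memory corruption rather than a clean exit.
MEMORY_FAULT_CODES = {
    "0xc0000005",  # STATUS_ACCESS_VIOLATION
    "0xc0000409",  # STATUS_STACK_BUFFER_OVERRUN (fast-fail)
    "0xc0000374",  # STATUS_HEAP_CORRUPTION
}

_EVENT_RE = re.compile(
    r"^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+EventID=1000\s+"
    r"Faulting application name:\s*(?P<app>[^,]+),.*?"
    r"Exception code:\s*(?P<code>0x[0-9a-fA-F]+)"
)


def parse_event(line):
    """Extract timestamp, host, faulting application and exception code from one record."""
    m = _EVENT_RE.search(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["app"] = ev["app"].strip().lower()
    ev["code"] = ev["code"].lower()
    return ev


def suspicious_crashes(lines):
    """Keep only Mozilla processes that died with a memory-fault exception code."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev and ev["app"] in MOZILLA_APPS and ev["code"] in MEMORY_FAULT_CODES:
            hits.append(ev)
    return hits


def hosts_to_triage(lines, threshold=2):
    """Group suspicious crashes by (host, app); return groups at or above threshold.

    One crash is weak evidence. Several faults in the same process on one host in
    a short span (an exploit being retried, or a heap groom that keeps failing)
    are what merit a look at that host's browsing and mail activity.
    """
    counts = defaultdict(int)
    for ev in suspicious_crashes(lines):
        counts[(ev["host"], ev["app"])] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for (host, app), n in sorted(hosts_to_triage(SAMPLE_EVENTS).items()):
        print(f"{host}: {n} memory-fault crashes of {app}; pull crash dumps and browsing history")
```

Pair the host list with the version check from the verification section: a repeatedly crashing host that is still on an affected build is the one to isolate first, while crashes on a patched build are more likely an unrelated stability problem.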
