CVE-2023-37201

Note

mozjs contains a copy of the SpiderMonkey JavaScript engine
starting with Ubuntu 22.04, the firefox package is just a script
that installs the Firefox snap

Package	Release	Status
firefox Launchpad, Ubuntu, Debian	bionic	Ignored (end of standard support)
	focal	Released (115.0+build2-0ubuntu0.20.04.3)
	jammy	Not vulnerable (code not present)
	kinetic	Ignored (end of life, was needs-triage)
	lunar	Not vulnerable (code not present)
	trusty	Ignored (end of standard support)
	upstream	Released (115.0-1)
	xenial	Ignored (end of standard support)
thunderbird Launchpad, Ubuntu, Debian	bionic	Ignored (end of standard support)
	focal	Released (1:102.13.0+build1-0ubuntu0.20.04.1)
	jammy	Released (1:102.13.0+build1-0ubuntu0.22.04.1)
	kinetic	Released (1:102.13.0+build1-0ubuntu0.22.10.1)
	lunar	Released (1:102.13.0+build1-0ubuntu0.23.04.1)
	trusty	Ignored (end of standard support)
	upstream	Needs triage
	xenial	Ignored (end of standard support)

Parameter	Value
Base score	8.8
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2023-37201

Notes

Priority

Cvss 3 Severity Score

Status

Severity score breakdown

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading

Author	Note
tyhicks	mozjs contains a copy of the SpiderMonkey JavaScript engine
mdeslaur	starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap