CVE-2023-23606Out-of-bounds Write in Mozilla Firefox

CWE-787Out-of-bounds Write9 documents6 sources
Severity
8.8HIGHNVD
OSV6.5
EPSS
0.2%
top 56.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxDebian Firefox
Timeline
PublishedJun 2

Description

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

CVEListV5mozilla/firefoxunspecified109
NVDmozilla/firefox< 109.0
Ubuntumozilla/firefox< 109.0.1+build1-0ubuntu0.18.04.2+3
mozillamozilla/firefox
debiandebian/firefox< firefox 109.0-1 (sid)

🔴Vulnerability Details

4
GHSA
GHSA-gwc9-8q5h-cr4c: Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 1082023-06-02
OSV
firefox regressions2023-02-06
OSV
firefox vulnerabilities2023-01-23
OSV
CVE-2023-23606: Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 1082023-01-18

📋Vendor Advisories

4
Ubuntu
Firefox regressions2023-02-06
Ubuntu
Firefox vulnerabilities2023-01-23
Debian
CVE-2023-23606: firefox - Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs pres...2023
Mozilla
Mozilla Foundation Security Advisory 2023-01: CVE-2023-23606
CVE-2023-23606 — Out-of-bounds Write in Mozilla Firefox | cvebase