CVE-2023-25731: Improper Validation of Specified Quantity in Input in Mozilla Firefox

Severity: 8.8 HIGH (NVD)
EPSS: 0.3% (top 48.22%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 2
Latest update: Jun 13

Description

Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox < 110.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (6 packages)

debian | debian/firefox | < firefox 110.0-1 (sid)
CVEListV5 | mozilla/firefox | unspecified 110
NVD | mozilla/firefox | < 110.0
Ubuntu | mozilla/firefox | < 110.0+build3-0ubuntu0.18.04.1+3
mozilla | mozilla/firefox

🔴 Vulnerability Details (4)

GHSA | GHSA-v7qx-gcjm-59m5: Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global ob | 2023-06-02
OSV | firefox regressions | 2023-03-01
OSV | firefox vulnerabilities | 2023-02-20
OSV | CVE-2023-25731: Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global ob | 2023-02-15

📋 Vendor Advisories (6)

Microsoft | Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affec | 2023-06-13
Ubuntu | Firefox regressions | 2023-03-01
Ubuntu | Firefox vulnerabilities | 2023-02-20
Red Hat | Mozilla: Prototype pollution when rendering URLPreview | 2023-02-14
Debian | CVE-2023-25731: firefox - Due to URL previews in the network panel of developer tools improperly storing U... | 2023