CVE-2023-25732 — Out-of-bounds Write in Mozilla Firefox

CWE-787 — Out-of-bounds Write14 documents8 sources

Severity

8.8HIGHNVD

OSV6.5

EPSS

0.2%

top 64.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird

Timeline

PublishedJun 2

Description

When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages9 packages

▶CVEListV5mozilla/firefoxunspecified — 110

▶NVDmozilla/firefox< 110.0

▶CVEListV5mozilla/firefox_esrunspecified — 102.8

▶NVDmozilla/firefox_esr< 102.8

▶Ubuntumozilla/firefox< 110.0+build3-0ubuntu0.18.04.1+3

🔴Vulnerability Details

GHSA

GHSA-ph4w-hm9p-64qv: When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of boun↗2023-06-02

▶

OSV

CVE-2023-25732: When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of boun↗2023-06-02

▶

CVEList

CVE-2023-25732: When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of boun↗2023-06-02

▶

OSV

thunderbird vulnerabilities↗2023-03-13

▶

OSV

firefox regressions↗2023-03-01

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2023-03-13

▶

Ubuntu

Firefox vulnerabilities↗2023-02-20

▶

Red Hat

Mozilla: Out of bounds memory write from EncodeInputStream↗2023-02-14

▶

Debian

CVE-2023-25732: firefox - When encoding data from an <code>inputStream</code> in <code>xpcom</code> the si...↗2023

▶

Mozilla

Mozilla Foundation Security Advisory 2023-06: CVE-2023-25732↗

▶