CVE-2023-25742Improper Handling of Alternate Encoding in Mozilla Firefox

CWE-173Improper Handling of Alternate Encoding16 documents8 sources
Severity
6.5MEDIUMNVD
OSV8.8OSV7.8
EPSS
0.1%
top 71.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird
Timeline
PublishedJun 2
Latest updateJul 30

Description

When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages9 packages

CVEListV5mozilla/firefoxunspecified110
NVDmozilla/firefox< 110.0
CVEListV5mozilla/firefox_esrunspecified102.8
NVDmozilla/firefox_esr< 102.8
Ubuntumozilla/firefox< 110.0+build3-0ubuntu0.18.04.1+3

🔴Vulnerability Details

7
OSV
linux-aws-5.15, linux-ibm, linux-ibm-5.15, linux-raspi vulnerabilities2024-07-30
CVEList
CVE-2023-25742: When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash2023-06-02
OSV
CVE-2023-25742: When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash2023-06-02
GHSA
GHSA-h7v9-37vx-36cv: When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash2023-06-02
OSV
thunderbird vulnerabilities2023-03-13

📋Vendor Advisories

8
Ubuntu
Thunderbird vulnerabilities2023-03-13
Ubuntu
Firefox regressions2023-03-01
Ubuntu
Firefox vulnerabilities2023-02-20
Red Hat
Mozilla: Web Crypto ImportKey crashes tab2023-02-14
Debian
CVE-2023-25742: firefox - When importing a SPKI RSA public key as ECDSA P-256, the key would be handled in...2023
CVE-2023-25742 — Mozilla Firefox vulnerability | cvebase