CVE-2023-25752 — Out-of-bounds Read in Mozilla Firefox

CWE-125 — Out-of-bounds Read14 documents8 sources

Severity

6.5MEDIUMNVD

OSV4.3

EPSS

0.1%

top 71.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird

Timeline

PublishedJun 2

Description

When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages8 packages

▶CVEListV5mozilla/firefoxunspecified — 111

▶NVDmozilla/firefox< 111.0

▶CVEListV5mozilla/firefox_esrunspecified — 102.9

▶NVDmozilla/firefox_esr< 102.9

▶Ubuntumozilla/firefox< 111.0+build2-0ubuntu0.18.04.1+3

🔴Vulnerability Details

OSV

CVE-2023-25752: When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds↗2023-06-02

▶

CVEList

CVE-2023-25752: When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds↗2023-06-02

▶

GHSA

GHSA-7f6h-8948-xq6j: When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds↗2023-06-02

▶

OSV

firefox regressions↗2023-03-27

▶

OSV

firefox vulnerabilities↗2023-03-15

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2023-03-27

▶

Ubuntu

Firefox regressions↗2023-03-27

▶

Ubuntu

Firefox vulnerabilities↗2023-03-15

▶

Red Hat

Mozilla: Potential out-of-bounds when accessing throttled streams↗2023-03-14

▶

Debian

CVE-2023-25752: firefox - When accessing throttled streams, the count of available bytes needed to be chec...↗2023

▶