CVE-2023-29535

CWE-119Buffer Overflow12 documents8 sources
Severity
6.5MEDIUM
EPSS
0.4%
top 42.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Mozilla FirefoxMozilla Firefox ESRMozilla Firefox FOR Android+3 more
Timeline
PublishedJun 2

Description

Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages11 packages

CVEListV5mozilla/firefox_for_androidunspecified112
CVEListV5mozilla/firefoxunspecified112
NVDmozilla/firefox< 112.0
CVEListV5mozilla/firefox_esrunspecified102.10
NVDmozilla/firefox_esr< 102.10

🔴Vulnerability Details

3
OSV
CVE-2023-29535: Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced2023-06-02
CVEList
CVE-2023-29535: Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced2023-06-02
GHSA
GHSA-6w79-w79x-722p: Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced2023-06-02

📋Vendor Advisories

8
Ubuntu
SpiderMonkey vulnerabilities2023-05-30
Ubuntu
Thunderbird vulnerabilities2023-04-13
Ubuntu
Firefox vulnerabilities2023-04-12
Red Hat
Mozilla: Potential Memory Corruption following Garbage Collector compaction2023-04-11
Debian
CVE-2023-29535: firefox - Following a Garbage Collector compaction, weak maps may have been accessed befor...2023
CVE-2023-29535 (MEDIUM CVSS 6.5) | Following a Garbage Collector compa | cvebase.io