CVE-2023-29537

CWE-362 Race Condition | 11 documents | 8 sources
Severity: 7.5 HIGH
EPSS: 0.3% (top 50.05%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 2
Latest update: Jun 13

Description

Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.6 | Impact: 5.9

Affected Packages (6 packages)

CVEListV5 | mozilla/firefox_for_android | unspecified | 112
CVEListV5 | mozilla/focus_for_android | unspecified | 112
CVEListV5 | mozilla/firefox | unspecified | 112
NVD | mozilla/firefox | < 112.0
Ubuntu | firefox | < 112.0.1+build1-0ubuntu0.18.04.1+3

🔴 Vulnerability Details (6)

CVEList | CVE-2023-29537: Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code | 2023-06-02
GHSA | GHSA-cm5p-vcj3-gv4c: Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code | 2023-06-02
OSV | firefox regressions | 2023-04-26
OSV | firefox regressions | 2023-04-18
OSV | firefox vulnerabilities | 2023-04-12

📋 Vendor Advisories (4)

Microsoft | Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112, | 2023-06-13
Ubuntu | Firefox vulnerabilities | 2023-04-12
Debian | CVE-2023-29537: firefox - Multiple race conditions in the font initialization could have led to memory cor... | 2023
Mozilla | Mozilla Foundation Security Advisory 2023-13: CVE-2023-29537
CVE-2023-29537 (HIGH CVSS 7.5) | Multiple race conditions in the fon | cvebase.io