CVE-2023-29544 — Uncontrolled Resource Consumption in Mozilla Firefox

CWE-400 — Uncontrolled Resource Consumption11 documents8 sources

Severity

6.5MEDIUMNVD

OSV4.3

EPSS

0.3%

top 50.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox FOR Android Mozilla Focus FOR Android +1 more

Timeline

PublishedJun 2

Latest updateJun 13

Description

If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

▶CVEListV5mozilla/firefox_for_androidunspecified — 112

▶CVEListV5mozilla/focus_for_androidunspecified — 112

▶CVEListV5mozilla/firefoxunspecified — 112

▶NVDmozilla/firefox< 112.0

▶Ubuntumozilla/firefox< 112.0+build2-0ubuntu0.18.04.1+1

🔴Vulnerability Details

CVEList

CVE-2023-29544: If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potential↗2023-06-02

▶

GHSA

GHSA-h5xr-379w-chrw: If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potential↗2023-06-02

▶

OSV

firefox regressions↗2023-04-26

▶

OSV

firefox regressions↗2023-04-18

▶

OSV

CVE-2023-29544: If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potential↗2023-04-12

▶

📋Vendor Advisories

Microsoft

▶

Ubuntu

Firefox vulnerabilities↗2023-04-12

▶

Debian

CVE-2023-29544: firefox - If multiple instances of resource exhaustion occurred at the incorrect time, the...↗2023

▶

Mozilla

Mozilla Foundation Security Advisory 2023-13: CVE-2023-29544↗

▶