CVE-2023-29549

CWE-32610 documents7 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 74.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla Firefox FOR AndroidMozilla Focus FOR Android+1 more
Timeline
PublishedJun 2

Description

Under certain circumstances, a call to the bind function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

CVEListV5mozilla/firefox_for_androidunspecified112
CVEListV5mozilla/focus_for_androidunspecified112
CVEListV5mozilla/firefoxunspecified112
NVDmozilla/firefox< 112.0
Ubuntufirefox< 112.0+build2-0ubuntu0.18.04.1+1

🔴Vulnerability Details

6
CVEList
CVE-2023-29549: Under certain circumstances, a call to the bind function may have resulted in the incorrect realm2023-06-02
GHSA
GHSA-x5mh-3hvm-9j36: Under certain circumstances, a call to the bind function may have resulted in the incorrect realm2023-06-02
OSV
firefox regressions2023-04-26
OSV
firefox regressions2023-04-18
OSV
CVE-2023-29549: Under certain circumstances, a call to the bind function may have resulted in the incorrect realm2023-04-12

📋Vendor Advisories

3
Ubuntu
Firefox vulnerabilities2023-04-12
Debian
CVE-2023-29549: firefox - Under certain circumstances, a call to the <code>bind</code> function may have r...2023
Mozilla
Mozilla Foundation Security Advisory 2023-13: CVE-2023-29549
CVE-2023-29549 (MEDIUM CVSS 6.5) | Under certain circumstances | cvebase.io