CVE-2023-32210 — Mozilla Firefox vulnerability

11 documents6 sources

Severity

6.5MEDIUMNVD

OSV4.3

EPSS

0.2%

top 52.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox

Timeline

PublishedJun 19

Description

Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended. This vulnerability affects Firefox < 113.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶debiandebian/firefox< firefox 113.0-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 113

▶NVDmozilla/firefox< 113.0

▶Ubuntumozilla/firefox< 113.0+build2-0ubuntu0.18.04.1+5

▶mozillamozilla/firefox

🔴Vulnerability Details

GHSA

GHSA-2qcf-439j-7273: Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal↗2023-06-19

▶

OSV

firefox regressions↗2023-05-24

▶

OSV

firefox regressions↗2023-05-16

▶

OSV

firefox vulnerabilities↗2023-05-15

▶

OSV

CVE-2023-32210: Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal↗2023-05-10

▶

📋Vendor Advisories

Ubuntu

Firefox regressions↗2023-05-24

▶

Ubuntu

Firefox regressions↗2023-05-16

▶

Ubuntu

Firefox vulnerabilities↗2023-05-15

▶

Debian

CVE-2023-32210: firefox - Documents were incorrectly assuming an ordering of principal objects when ensuri...↗2023

▶

Mozilla

Mozilla Foundation Security Advisory 2023-16: CVE-2023-32210↗

▶