CVE-2023-34417Out-of-bounds Write in Mozilla Firefox

CWE-787Out-of-bounds Write12 documents7 sources
Severity
9.8CRITICALNVD
OSV3.1
EPSS
0.4%
top 38.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxDebian FirefoxMsrc Azl3 Mozjs 102.15.1-1 ON Azure Linux 3.0+1 more
Timeline
PublishedJun 19
Latest updateJun 21

Description

Memory safety bugs present in Firefox 113. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 114.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages7 packages

debiandebian/firefox< firefox 114.0-1 (sid)
CVEListV5mozilla/firefoxunspecified114
NVDmozilla/firefox< 114.0
Ubuntumozilla/firefox< 114.0+build3-0ubuntu0.20.04.1+2
mozillamozilla/firefox

🔴Vulnerability Details

5
OSV
firefox regressions2023-06-21
GHSA
GHSA-jr8c-7w56-v2rh: Memory safety bugs present in Firefox 1132023-06-19
OSV
firefox regressions2023-06-13
OSV
firefox vulnerabilities2023-06-07
OSV
CVE-2023-34417: Memory safety bugs present in Firefox 1132023-06-07

📋Vendor Advisories

6
Ubuntu
Firefox regressions2023-06-21
Microsoft
Memory safety bugs present in Firefox 113. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.2023-06-13
Ubuntu
Firefox regressions2023-06-13
Ubuntu
Firefox vulnerabilities2023-06-07
Debian
CVE-2023-34417: firefox - Memory safety bugs present in Firefox 113. Some of these bugs showed evidence of...2023