CVE-2023-37202Use After Free in Mozilla Firefox

CWE-416Use After Free14 documents8 sources
Severity
8.8HIGHNVD
OSV6.5OSV3.1
EPSS
0.7%
top 28.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird+1 more
Timeline
PublishedJul 5
Latest updateJul 13

Description

Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages9 packages

CVEListV5mozilla/firefoxunspecified115
NVDmozilla/firefox< 115.0
CVEListV5mozilla/firefox_esrunspecified102.13
NVDmozilla/firefox_esr< 102.13
Ubuntumozilla/firefox< 115.0+build2-0ubuntu0.20.04.3

Also affects: Debian Linux 10.0, 11.0, 12.0

🔴Vulnerability Details

5
OSV
thunderbird vulnerabilities2023-07-11
OSV
firefox vulnerabilities2023-07-05
OSV
CVE-2023-37202: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting2023-07-05
CVEList
CVE-2023-37202: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting2023-07-05
GHSA
GHSA-hhm4-xgvr-x3rg: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting2023-07-05

📋Vendor Advisories

8
Ubuntu
SpiderMonkey vulnerabilities2023-07-13
Ubuntu
Thunderbird vulnerabilities2023-07-11
Ubuntu
Firefox vulnerabilities2023-07-05
Red Hat
Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey2023-07-04
Debian
CVE-2023-37202: firefox - Cross-compartment wrappers wrapping a scripted proxy could have caused objects f...2023
CVE-2023-37202 — Use After Free in Mozilla Firefox | cvebase