CVE-2023-37209 — Use After Free in Mozilla Firefox

CWE-416 — Use After Free7 documents6 sources

Severity

8.8HIGHNVD

OSV6.5

EPSS

0.3%

top 46.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox

Timeline

PublishedJul 5

Description

A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to that object was later reused. This vulnerability affects Firefox < 115.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶debiandebian/firefox< firefox 115.0-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 115

▶NVDmozilla/firefox< 115.0

▶Ubuntumozilla/firefox< 115.0+build2-0ubuntu0.20.04.3

▶mozillamozilla/firefox

🔴Vulnerability Details

OSV

CVE-2023-37209: A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that object rem↗2023-07-05

▶

OSV

firefox vulnerabilities↗2023-07-05

▶

GHSA

GHSA-qvg2-h6w2-cvwj: A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that object rem↗2023-07-05

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2023-07-05

▶

Debian

CVE-2023-37209: firefox - A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSe...↗2023

▶

Mozilla

Mozilla Foundation Security Advisory 2023-22: CVE-2023-37209↗

▶