CVE-2023-4575Use After Free in Mozilla Firefox

CWE-416Use After Free15 documents8 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 59.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird
Timeline
PublishedSep 11
Latest updateSep 14

Description

When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages9 packages

CVEListV5mozilla/firefoxunspecified117
NVDmozilla/firefox115.0115.2+1
CVEListV5mozilla/firefox_esrunspecified102.15+1
NVDmozilla/firefox_esr< 102.15
Ubuntumozilla/firefox< 117.0+build2-0ubuntu0.20.04.1

🔴Vulnerability Details

5
OSV
thunderbird vulnerabilities2023-09-14
OSV
CVE-2023-4575: When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually2023-09-11
CVEList
Memory corruption in IPC FilePickerShownCallback2023-09-11
GHSA
GHSA-7qvm-4564-f42g: When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually2023-09-11
OSV
firefox vulnerabilities2023-08-30

📋Vendor Advisories

9
Ubuntu
Thunderbird vulnerabilities2023-09-14
Ubuntu
Firefox vulnerabilities2023-08-30
Red Hat
Mozilla: Memory corruption in IPC FilePickerShownCallback2023-08-29
Debian
CVE-2023-4575: firefox - When creating a callback over IPC for showing the File Picker window, multiple o...2023
Mozilla
Mozilla Foundation Security Advisory 2023-36: CVE-2023-4575
CVE-2023-4575 — Use After Free in Mozilla Firefox | cvebase