CVE-2023-4583 — Improper Check for Unusual or Exceptional Conditions in Mozilla Firefox
Severity
7.5 HIGH (NVD)
OSV: 8.8, OSV: 6.5
EPSS
0.1%
top 65.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Sep 11
Latest update: Oct 3
Description
When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available, then it was assumed to have already been discarded, which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6
Affected Packages: 9 packages
Vulnerability Details (5)
GHSA
GHSA-wxxp-w379-49qj: When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already... (2023-09-11)
OSV
CVE-2023-4583: When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already... (2023-09-11)
Vendor Advisories (8)
Microsoft
When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for ... (2023-09-12)
Debian
CVE-2023-4583: firefox - When checking if the Browsing Context had been discarded in `HttpBaseChannel`, i... (2023)