CVE-2023-6866 — Improper Handling of Exceptional Conditions in Mozilla Firefox

CWE-755 — Improper Handling of Exceptional Conditions10 documents7 sources

Severity

8.8HIGHNVD

OSV4.3

EPSS

1.3%

top 20.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedDec 19

Latest updateJan 11

Description

TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox < 121.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5mozilla/firefoxunspecified — 121

▶NVDmozilla/firefox< 121.0

▶Ubuntumozilla/firefox< 121.0+build1-0ubuntu0.20.04.1+1

🔴Vulnerability Details

OSV

firefox regressions↗2024-01-11

▶

OSV

firefox vulnerabilities↗2024-01-02

▶

OSV

CVE-2023-6866: TypedArrays can be fallible and lacked proper exception handling↗2023-12-20

▶

GHSA

GHSA-g9fc-wq66-mpcr: TypedArrays can be fallible and lacked proper exception handling↗2023-12-19

▶

CVEList

CVE-2023-6866: TypedArrays can be fallible and lacked proper exception handling↗2023-12-19

▶

📋Vendor Advisories

Ubuntu

Firefox regressions↗2024-01-11

▶

Ubuntu

Firefox vulnerabilities↗2024-01-02

▶

Debian

CVE-2023-6866: firefox - TypedArrays can be fallible and lacked proper exception handling. This could lea...↗2023

▶

Mozilla

Mozilla Foundation Security Advisory 2023-56: CVE-2023-6866↗

▶