CVE-2023-25752

When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

History

09 Jun 2023, 18:40

Type Values Removed Values Added
References (MISC) https://www.mozilla.org/security/advisories/mfsa2023-10/ - (MISC) https://www.mozilla.org/security/advisories/mfsa2023-10/ - Vendor Advisory
References (MISC) https://www.mozilla.org/security/advisories/mfsa2023-09/ - (MISC) https://www.mozilla.org/security/advisories/mfsa2023-09/ - Vendor Advisory
References (MISC) https://bugzilla.mozilla.org/show_bug.cgi?id=1811627 - (MISC) https://bugzilla.mozilla.org/show_bug.cgi?id=1811627 - Issue Tracking, Permissions Required, Vendor Advisory
References (MISC) https://www.mozilla.org/security/advisories/mfsa2023-11/ - (MISC) https://www.mozilla.org/security/advisories/mfsa2023-11/ - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
CPE cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
First Time Mozilla
Mozilla thunderbird
Mozilla firefox Esr
Mozilla firefox
CWE NVD-CWE-noinfo

02 Jun 2023, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-02 17:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-25752

Mitre link : CVE-2023-25752

CVE.ORG link : CVE-2023-25752


JSON object : View

Products Affected

mozilla

  • thunderbird
  • firefox
  • firefox_esr