When accessing throttled streams, the count of available bytes had to be checked by the calling function to ensure it was within bounds. This may have led future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
References
Link | Resource |
---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=1811627 | Issue Tracking, Permissions Required, Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2023-09/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2023-10/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2023-11/ | Vendor Advisory |
Configurations
History
09 Jun 2023, 18:40
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.mozilla.org/security/advisories/mfsa2023-10/ - Vendor Advisory | |
References | (MISC) https://www.mozilla.org/security/advisories/mfsa2023-09/ - Vendor Advisory | |
References | (MISC) https://bugzilla.mozilla.org/show_bug.cgi?id=1811627 - Issue Tracking, Permissions Required, Vendor Advisory | |
References | (MISC) https://www.mozilla.org/security/advisories/mfsa2023-11/ - Vendor Advisory | |
CVSS | v2 : v3 : | v2 : unknown v3 : 6.5 |
CPE | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* | |
First Time | Mozilla, Mozilla thunderbird, Mozilla firefox Esr, Mozilla firefox | |
CWE | NVD-CWE-noinfo |
02 Jun 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-02 17:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-25752
Mitre link : CVE-2023-25752
CVE.ORG link : CVE-2023-25752
Products Affected
mozilla
- thunderbird
- firefox
- firefox_esr
CWE