CVE-2023-25752

When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:50

Type Values Removed Values Added
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1811627 - Issue Tracking, Permissions Required, Vendor Advisory () https://bugzilla.mozilla.org/show_bug.cgi?id=1811627 - Issue Tracking, Permissions Required, Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2023-09/ - Vendor Advisory () https://www.mozilla.org/security/advisories/mfsa2023-09/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2023-10/ - Vendor Advisory () https://www.mozilla.org/security/advisories/mfsa2023-10/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2023-11/ - Vendor Advisory () https://www.mozilla.org/security/advisories/mfsa2023-11/ - Vendor Advisory

09 Jun 2023, 18:40

Type Values Removed Values Added
CWE NVD-CWE-noinfo
References (MISC) https://www.mozilla.org/security/advisories/mfsa2023-10/ - (MISC) https://www.mozilla.org/security/advisories/mfsa2023-10/ - Vendor Advisory
References (MISC) https://www.mozilla.org/security/advisories/mfsa2023-09/ - (MISC) https://www.mozilla.org/security/advisories/mfsa2023-09/ - Vendor Advisory
References (MISC) https://bugzilla.mozilla.org/show_bug.cgi?id=1811627 - (MISC) https://bugzilla.mozilla.org/show_bug.cgi?id=1811627 - Issue Tracking, Permissions Required, Vendor Advisory
References (MISC) https://www.mozilla.org/security/advisories/mfsa2023-11/ - (MISC) https://www.mozilla.org/security/advisories/mfsa2023-11/ - Vendor Advisory
CPE cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
First Time Mozilla
Mozilla thunderbird
Mozilla firefox Esr
Mozilla firefox
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5

02 Jun 2023, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-02 17:15

Updated : 2024-11-21 07:50


NVD link : CVE-2023-25752

Mitre link : CVE-2023-25752

CVE.ORG link : CVE-2023-25752


JSON object : View

Products Affected

mozilla

  • firefox
  • thunderbird
  • firefox_esr