PT-2023-1312 · Mozilla+4 · Firefox+4

Niklas Baumstark · Published 2023-01-17 · Updated 2024-12-12 · CVE-2023-23597

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 109

Description: A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. The vulnerability is related to errors in security settings and can be exploited by a remote attacker to read arbitrary files.

Recommendations: For versions prior to 109, update to a version that contains a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of arbitrary file read.

Fix

Inadequate Encryption Strength

Weakness Enumeration

Related Identifiers

ALT-PU-2023-1084
ALT-PU-2023-1478
ALT-PU-2023-5754
ALT-PU-2023-6436
ALT-PU-2024-3614
BDU:2023-00597
CVE-2023-23597
OPENSUSE-SU-2024:12623-1
OPENSUSE-SU-2024:14572-1
USN-5816-1
USN-5816-2

Affected Products

Alt Linux
Astra Linux
Firefox
Linuxmint
Ubuntu