PT-2023-1691 · Mozilla+10 · Firefox+10

Gabriele Svelto

+2

·

Publicado

2023-01-17

·

Atualizado

2024-12-12

·

CVE-2023-25744

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Firefox versions 109 and earlier Firefox ESR versions 102.7 and earlier
Description The issue is related to memory safety bugs, which have shown evidence of memory corruption. It is presumed that with sufficient effort, some of these bugs could be exploited to run arbitrary code. The vulnerability is also described as a buffer overflow due to lack of input size validation, allowing a remote attacker to execute arbitrary code on the target system.
Recommendations For Firefox versions 109 and earlier, update to version 110 or later. For Firefox ESR versions 102.7 and earlier, update to version 102.8 or later.

Exploit

Correção

Special Elements Injection

Improper Neutralization

Buffer Overflow

Command Injection

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74CWE-707CWE-120CWE-77CWE-787

Identificadores relacionados

ALSA-2023:0808
ALSA-2023:0810
ALSA-2023:0821
ALSA-2023:0824
ALT-PU-2023-1386
ALT-PU-2023-1387
ALT-PU-2023-1435
ALT-PU-2023-1478
ALT-PU-2023-1758
ALT-PU-2023-4365
ALT-PU-2023-5754
ALT-PU-2024-3614
BDU:2023-01262
BDU:2023-07184
CESA-2023_0808
CESA-2023_0812
CESA-2023_0817
CESA-2023_0821
CVE-2023-25744
DLA-3319-1
DLA-3324-1
DSA-5350-1
DSA-5355-1
MGASA-2023-0056
OPENSUSE-SU-2023_0461-1
OPENSUSE-SU-2024:12702-1
OPENSUSE-SU-2024:12753-1
OPENSUSE-SU-2024:14572-1
RHSA-2023:0805
RHSA-2023:0806
RHSA-2023:0807
RHSA-2023:0808
RHSA-2023:0809
RHSA-2023:0810
RHSA-2023:0811
RHSA-2023:0812
RHSA-2023:0817
RHSA-2023:0818
RHSA-2023:0819
RHSA-2023:0820
RHSA-2023:0821
RHSA-2023:0822
RHSA-2023:0823
RHSA-2023:0824
RHSA-2023_0808
RHSA-2023_0810
RHSA-2023_0812
RHSA-2023_0817
RHSA-2023_0821
RHSA-2023_0824
RLSA-2023:0808
RLSA-2023:0810
RLSA-2023:0821
RLSA-2023:0824
SUSE-SU-2023:0461-1
SUSE-SU-2023:0466-1
SUSE-SU-2023:0469-1
USN-5880-1
USN-5880-2

Produtos afetados

Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu