PT-2023-2215 · Mozilla+3 · Thunderbird+5

Mashupmark

Publicado

2023-02-14

Atualizado

2025-01-09

CVE-2023-25738

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 110 Thunderbird versions prior to 102.8 Firefox ESR versions prior to 102.8

Description The issue is related to the validation of members of the DEVMODEW struct set by the printer device driver, which could result in invalid values and cause out of bounds access to related variables. This could potentially allow a remote attacker to execute arbitrary code. The estimated number of potentially affected devices is not specified. This issue only affects Firefox on Windows, while other operating systems are unaffected.

Recommendations For Firefox versions prior to 110, update to version 110 or later. For Thunderbird versions prior to 102.8, update to version 102.8 or later. For Firefox ESR versions prior to 102.8, update to version 102.8 or later.

Exploit

Correção

Buffer Overflow

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-125

Identificadores relacionados

ALT-PU-2023-1374

ALT-PU-2023-1386

ALT-PU-2023-1387

ALT-PU-2023-1411

ALT-PU-2023-1435

ALT-PU-2023-1478

ALT-PU-2023-1758

ALT-PU-2023-1765

ALT-PU-2023-4365

ALT-PU-2023-4366

BDU:2023-01963

CVE-2023-25738

OPENSUSE-SU-2023_0461-1

OPENSUSE-SU-2024:12702-1

OPENSUSE-SU-2024:12713-1

OPENSUSE-SU-2024:12753-1

OPENSUSE-SU-2024:14572-1

SUSE-SU-2023:0461-1

SUSE-SU-2023:0466-1

SUSE-SU-2023:0469-1

SUSE-SU-2023:0599-1

Produtos afetados

Alt Linux

Astra Linux

Firefox

Firefox Esr

Suse

Thunderbird

PT-2023-2215 · Mozilla+3 · Thunderbird+5

CVE-2023-25738

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 1889