PT-2023-4145 · Mozilla · Firefox

Artem Chaykin

Publicado

2023-07-04

Atualizado

2024-11-07

CVE-2023-37456

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Firefox for iOS versions prior to 115

Description The issue is related to insufficient input validation, which can lead to a denial-of-service (DoS) attack by a remote attacker. Specifically, the session restore helper crashes when no parameter is sent to the message handler.

Recommendations For Firefox for iOS versions prior to 115, update to version 115 or later to resolve the issue. As a temporary workaround, consider restricting the use of the session restore helper until a patch is available.

Correção

RCE

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-476

Identificadores relacionados

BDU:2023-04456

CVE-2023-37456

Produtos afetados

Firefox

PT-2023-4145 · Mozilla · Firefox

CVE-2023-37456

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6