PT-2023-6530 · Mozilla+5 · Firefox+5

Daniel Veditz

Publicado

2023-10-24

Atualizado

2025-03-14

CVE-2023-5723

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 119

Description The issue is related to insufficient input validation when handling cookies, which could allow a remote attacker to execute arbitrary code. An attacker with temporary script access to a site could set a cookie containing invalid characters using document.cookie, potentially leading to unknown errors.

Recommendations For versions prior to 119, update to Firefox version 119 or later to resolve the issue. As a temporary workaround, consider restricting the use of the document.cookie until a patch is available.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2023-6639

ALT-PU-2023-7363

ALT-PU-2023-7774

ALT-PU-2024-13898

ALT-PU-2024-15839

ALT-PU-2024-15840

BDU:2023-07277

CVE-2023-5723

OESA-2025-1265

OESA-2025-1268

OPENSUSE-SU-2023_4214-1

OPENSUSE-SU-2024:13385-1

OPENSUSE-SU-2024:14572-1

SUSE-SU-2023:4212-1

SUSE-SU-2023:4213-1

SUSE-SU-2023:4214-1

USN-6456-1

USN-6456-2

Produtos afetados

Alt Linux

Astra Linux

Firefox

Linuxmint

Suse

Ubuntu

PT-2023-6530 · Mozilla+5 · Firefox+5

CVE-2023-5723

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2091