PT-2022-6824 · Mozilla+4 · Firefox+4

Alexander Volkov

Published

2022-11-20

Updated

2025-03-14

CVE-2023-25731

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 110

Description The issue is related to errors in resource release and improper storage of URLs in the network panel of developer tools, which could allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The vulnerability may also allow query parameters to overwrite global objects in privileged code.

Recommendations For versions prior to 110, update to version 110 or later to resolve the issue. As a temporary workaround, consider restricting access to the network panel of developer tools to minimize the risk of exploitation. Avoid using sensitive query parameters in URLs until the issue is resolved.

Exploit

Fix

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404CWE-1284

Related Identifiers

ALT-PU-2023-1387

ALT-PU-2023-1478

ALT-PU-2023-5754

ALT-PU-2023-6436

ALT-PU-2024-3614

BDU:2023-04825

CVE-2023-25731

OESA-2025-1265

OESA-2025-1268

OPENSUSE-SU-2024:12753-1

OPENSUSE-SU-2024:14572-1

USN-5880-1

USN-5880-2

Affected Products

Alt Linux

Astra Linux

Firefox

Linuxmint

Ubuntu

PT-2022-6824 · Mozilla+4 · Firefox+4

CVE-2023-25731

Weakness Enumeration

Related Identifiers

Affected Products

References · 2093