PT-2022-6825 · Mozilla+9 · Thunderbird+11

Dan Veditz

·

Published

2022-11-15

·

Updated

2025-01-10

·

CVE-2023-23603

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 109 Thunderbird versions prior to 102.7 Firefox ESR versions prior to 102.7
Description The issue is related to insufficient processing of regular expressions used to filter out forbidden properties and values from style directives in calls to console.log. This could potentially allow data exfiltration from the browser.
Recommendations For Firefox versions prior to 109, update to version 109 or later. For Thunderbird versions prior to 102.7, update to version 102.7 or later. For Firefox ESR versions prior to 102.7, update to version 102.7 or later.

Fix

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-185CWE-770

Related Identifiers

ALSA-2023:0285
ALSA-2023:0288
ALSA-2023:0463
ALSA-2023:0476
ALT-PU-2023-1084
ALT-PU-2023-1119
ALT-PU-2023-1140
ALT-PU-2023-1193
ALT-PU-2023-1243
ALT-PU-2023-1315
ALT-PU-2023-1478
ALT-PU-2023-1758
ALT-PU-2023-4335
ALT-PU-2023-4365
ALT-PU-2023-5754
ALT-PU-2024-3614
BDU:2023-04827
CESA-2023_0288
CESA-2023_0296
CESA-2023_0456
CESA-2023_0463
CVE-2023-23603
DLA-3275-1
DLA-3324-1
DSA-5322-1
DSA-5355-1
MGASA-2023-0018
MGASA-2023-0034
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2023_0113-1
OPENSUSE-SU-2023_0329-1
OPENSUSE-SU-2024:12623-1
OPENSUSE-SU-2024:12627-1
OPENSUSE-SU-2024:12652-1
OPENSUSE-SU-2024:14572-1
RHSA-2023:0285
RHSA-2023:0286
RHSA-2023:0288
RHSA-2023:0289
RHSA-2023:0290
RHSA-2023:0294
RHSA-2023:0295
RHSA-2023:0296
RHSA-2023:0456
RHSA-2023:0457
RHSA-2023:0459
RHSA-2023:0460
RHSA-2023:0461
RHSA-2023:0462
RHSA-2023:0463
RHSA-2023:0476
RHSA-2023_0285
RHSA-2023_0288
RHSA-2023_0296
RHSA-2023_0456
RHSA-2023_0463
RHSA-2023_0476
RLSA-2023:0285
RLSA-2023:0288
RLSA-2023:0463
RLSA-2023:0476
SUSE-SU-2023:0111-1
SUSE-SU-2023:0112-1
SUSE-SU-2023:0113-1
SUSE-SU-2023:0329-1
USN-5816-1
USN-5816-2
USN-5824-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Rocky Linux
Suse
Thunderbird
Ubuntu