PT-2023-1312 · Mozilla+4 · Firefox+4

Niklas Baumstark · Published 2023-01-17 · Updated 2024-12-12 · CVE-2023-23597

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Firefox versions prior to 109

Description

A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. The vulnerability is related to errors in security settings and can be exploited by a remote attacker to read arbitrary files.

Recommendations

For versions prior to 109, update to a version that contains a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of arbitrary file read.

Fix

Inadequate Encryption Strength

Weakness Enumeration

Related Identifiers

ALT-PU-2023-1084
ALT-PU-2023-1478
ALT-PU-2023-5754
ALT-PU-2023-6436
ALT-PU-2024-3614
BDU:2023-00597
CVE-2023-23597
OPENSUSE-SU-2024:12623-1
OPENSUSE-SU-2024:14572-1
USN-5816-1
USN-5816-2

Affected Products

Alt Linux
Astra Linux
Firefox
Linuxmint
Ubuntu