PT-2023-1691 · Mozilla+10 · Firefox+10
Gabriele Svelto
+2
·
Published
2023-01-17
·
Updated
2024-12-12
·
CVE-2023-25744
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Firefox versions 109 and earlier
Firefox ESR versions 102.7 and earlier
Description
The issue is related to memory safety bugs, which have shown evidence of memory corruption. It is presumed that with sufficient effort, some of these bugs could be exploited to run arbitrary code. The vulnerability is also described as a buffer overflow due to lack of input size validation, allowing a remote attacker to execute arbitrary code on the target system.
Recommendations
For Firefox versions 109 and earlier, update to version 110 or later.
For Firefox ESR versions 102.7 and earlier, update to version 102.8 or later.
Exploit
Fix
Special Elements Injection
Improper Neutralization
Buffer Overflow
Command Injection
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu