PT-2023-1953 · Mozilla+10 · Firefox Esr+12

Lukas Bernhard

·

Published

2023-03-14

·

Updated

2025-01-09

·

CVE-2023-28162

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 111 Firefox ESR versions prior to 102.9 Thunderbird versions prior to 102.9
Description The issue is related to the implementation of AudioWorklets, where some code may have casted one type to another, invalid, dynamic type, potentially leading to a crash. This could be exploited by a remote attacker to cause a denial of service.
Recommendations For Firefox versions prior to 111, update to version 111 or later. For Firefox ESR versions prior to 102.9, update to version 102.9 or later. For Thunderbird versions prior to 102.9, update to version 102.9 or later.

Exploit

Fix

Type Confusion

Incorrect Type Conversion or Cast

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-843CWE-704

Related Identifiers

ALSA-2023:1336
ALSA-2023:1337
ALSA-2023:1403
ALSA-2023:1407
ALT-PU-2023-1443
ALT-PU-2023-1491
ALT-PU-2023-1492
ALT-PU-2023-1545
ALT-PU-2023-1546
ALT-PU-2023-1758
ALT-PU-2023-1765
ALT-PU-2023-1817
ALT-PU-2023-4365
ALT-PU-2023-4366
ALT-PU-2023-5202
ALT-PU-2023-5754
ALT-PU-2024-3614
BDU:2023-01563
CESA-2023_1333
CESA-2023_1336
CESA-2023_1403
CVE-2023-28162
DLA-3364-1
DLA-3365-1
DSA-5374-1
DSA-5375-1
MGASA-2023-0111
MGASA-2023-0116
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2024:12786-1
OPENSUSE-SU-2024:12791-1
OPENSUSE-SU-2024:12839-1
OPENSUSE-SU-2024:14572-1
RHSA-2023:1333
RHSA-2023:1336
RHSA-2023:1337
RHSA-2023:1364
RHSA-2023:1367
RHSA-2023:1401
RHSA-2023:1402
RHSA-2023:1403
RHSA-2023:1404
RHSA-2023:1407
RHSA-2023:1442
RHSA-2023:1443
RHSA-2023:1444
RHSA-2023:1445
RHSA-2023:1472
RHSA-2023:1479
RHSA-2023_1333
RHSA-2023_1336
RHSA-2023_1337
RHSA-2023_1401
RHSA-2023_1403
RHSA-2023_1407
RLSA-2023:1336
RLSA-2023:1337
RLSA-2023:1403
RLSA-2023:1407
SUSE-SU-2023:0728-1
SUSE-SU-2023:0763-1
SUSE-SU-2023:0835-1
SUSE-SU-2023:1736-1
USN-5954-1
USN-5954-2
USN-5972-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Thunderbird
Ubuntu