PT-2023-2010 · Mozilla · Firefox For Android
Chris Peterson · Published 2023-02-28 · Updated 2024-12-11 · CVE-2023-25747
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Firefox for Android versions prior to 110.1.0
Description
The libaudio library of Mozilla Firefox for Android contains a use-after-free vulnerability: memory is used after it has been freed. A remote attacker can exploit it with a specially crafted web page, potentially allowing the execution of arbitrary code.
Recommendations
Update Firefox for Android versions prior to 110.1.0 to version 110.1.0 or later to resolve the issue. As a temporary workaround, consider disabling the AAudio backend when running on Android API levels below 30 to minimize the risk of exploitation.
Fix
Use After Free
Weakness Enumeration
Related Identifiers
Affected Products
Firefox For Android