PT-2023-2215 · Mozilla+3 · Thunderbird+5

Mashupmark

Published

2023-02-14

Updated

2025-01-09

CVE-2023-25738

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 110 Thunderbird versions prior to 102.8 Firefox ESR versions prior to 102.8

Description The issue is related to the validation of members of the DEVMODEW struct set by the printer device driver, which could result in invalid values and cause out of bounds access to related variables. This could potentially allow a remote attacker to execute arbitrary code. The estimated number of potentially affected devices is not specified. This issue only affects Firefox on Windows, while other operating systems are unaffected.

Recommendations For Firefox versions prior to 110, update to version 110 or later. For Thunderbird versions prior to 102.8, update to version 102.8 or later. For Firefox ESR versions prior to 102.8, update to version 102.8 or later.

Exploit

Fix

Buffer Overflow

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-125

Related Identifiers

ALT-PU-2023-1374

ALT-PU-2023-1386

ALT-PU-2023-1387

ALT-PU-2023-1411

ALT-PU-2023-1435

ALT-PU-2023-1478

ALT-PU-2023-1758

ALT-PU-2023-1765

ALT-PU-2023-4365

ALT-PU-2023-4366

BDU:2023-01963

CVE-2023-25738

OPENSUSE-SU-2023_0461-1

OPENSUSE-SU-2024:12702-1

OPENSUSE-SU-2024:12713-1

OPENSUSE-SU-2024:12753-1

OPENSUSE-SU-2024:14572-1

SUSE-SU-2023:0461-1

SUSE-SU-2023:0466-1

SUSE-SU-2023:0469-1

SUSE-SU-2023:0599-1

Affected Products

Alt Linux

Astra Linux

Firefox

Firefox Esr

Suse

Thunderbird

PT-2023-2215 · Mozilla+3 · Thunderbird+5

CVE-2023-25738

Weakness Enumeration

Related Identifiers

Affected Products

References · 1889