PT-2023-2859 · Mozilla+10 · Firefox+12
P1Umer
+1
·
Published
2023-05-09
·
Updated
2024-12-12
·
CVE-2023-32211
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Firefox versions prior to 113
Firefox ESR versions prior to 102.11
Thunderbird versions prior to 102.11
Description
A type checking bug could lead to invalid code being compiled, potentially allowing a remote attacker to cause a denial of service using a specially crafted website. The issue is related to type confusion errors in Firefox and Firefox ESR, which can be exploited by a remote attacker. In the case of Mozilla Thunderbird, the vulnerability is associated with a type confusion error when processing HTML content, allowing an attacker to trick a victim into opening a specially crafted website, causing a browser crash.
Recommendations
For Firefox versions prior to 113, update to version 113 or later.
For Firefox ESR versions prior to 102.11, update to version 102.11 or later.
For Thunderbird versions prior to 102.11, update to version 102.11 or later.
Exploit
Fix
Type Confusion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Thunderbird
Ubuntu