PT-2023-2863 · Mozilla+5 · Thunderbird+7

Edward Prior

·

Published

2023-05-09

·

Updated

2024-12-12

·

CVE-2023-32214

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 113 Firefox ESR versions prior to 102.11 Thunderbird versions prior to 102.11
Description The issue is related to the incorrect functioning of ms-cxh and ms-cxh-full protocol handlers, which could be leveraged to trigger a denial of service. This affects Windows operating systems. The exploitation of this issue may allow a remote attacker to cause the application to crash using a specially crafted website.
Recommendations For Firefox versions prior to 113, update to version 113 or later to resolve the issue. For Firefox ESR versions prior to 102.11, update to version 102.11 or later to resolve the issue. For Thunderbird versions prior to 102.11, update to version 102.11 or later to resolve the issue. As a temporary workaround, consider disabling the ms-cxh and ms-cxh-full protocol handlers until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-939

Related Identifiers

ALT-PU-2023-1773
ALT-PU-2023-1811
ALT-PU-2023-1822
ALT-PU-2023-1872
ALT-PU-2023-1895
ALT-PU-2023-1900
ALT-PU-2023-1901
ALT-PU-2023-1984
ALT-PU-2023-1985
ALT-PU-2023-4365
ALT-PU-2023-4366
ALT-PU-2024-14035
ALT-PU-2024-4241
BDU:2023-02810
CVE-2023-32214
OPENSUSE-SU-2024:12918-1
OPENSUSE-SU-2024:12920-1
OPENSUSE-SU-2024:12921-1
OPENSUSE-SU-2024:14572-1
SUSE-SU-2023:2173-1
SUSE-SU-2023:2175-1
SUSE-SU-2023:2176-1
SUSE-SU-2023:2211-1

Affected Products

Alt Linux
Astra Linux
Firefox
Firefox Esr
Red Os
Suse
Thunderbird
Windows