PT-2023-4029 · Mozilla+10 · Firefox+10

Alexander Guryanov

·

Published

2023-08-01

·

Updated

2024-12-12

·

CVE-2023-4046

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 116 Firefox ESR versions prior to 102.14 Firefox ESR versions prior to 115.1
Description The issue is related to incorrect cleanup or release of resources in the WASM JIT component of Firefox browsers. This could allow a remote attacker to cause a denial of service. In some cases, a stale value could be used for a global variable in WASM JIT analysis, resulting in incorrect compilation and a potentially exploitable crash in the content process.
Recommendations For Firefox versions prior to 116, update to version 116 or later. For Firefox ESR versions prior to 102.14, update to version 102.14 or later. For Firefox ESR versions prior to 115.1, update to version 115.1 or later.

Exploit

Fix

Improper Resource Release

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-404CWE-770

Related Identifiers

ALSA-2023:4462
ALSA-2023:4468
ALSA-2023:4497
ALSA-2023:4499
ALT-PU-2023-5754
ALT-PU-2023-5836
ALT-PU-2023-6436
ALT-PU-2024-13898
ALT-PU-2024-14035
ALT-PU-2024-3614
ALT-PU-2024-3860
ALT-PU-2024-4241
ALT-PU-2024-4748
BDU:2023-04327
CESA-2023_4468
CESA-2023_4497
CVE-2023-4046
DLA-3521-1
DLA-3523-1
DSA-5464-1
DSA-5469-1
MGASA-2023-0266
OESA-2023-1671
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2023_3162-1
OPENSUSE-SU-2023_3228-1
OPENSUSE-SU-2024:13091-1
OPENSUSE-SU-2024:13124-1
OPENSUSE-SU-2024:13133-1
OPENSUSE-SU-2024:14572-1
RHSA-2023:4460
RHSA-2023:4461
RHSA-2023:4462
RHSA-2023:4463
RHSA-2023:4464
RHSA-2023:4465
RHSA-2023:4468
RHSA-2023:4469
RHSA-2023:4492
RHSA-2023:4493
RHSA-2023:4494
RHSA-2023:4495
RHSA-2023:4496
RHSA-2023:4497
RHSA-2023:4499
RHSA-2023:4500
RHSA-2023_4461
RHSA-2023_4462
RHSA-2023_4468
RHSA-2023_4495
RHSA-2023_4497
RHSA-2023_4499
RLSA-2023:4462
RLSA-2023:4468
RLSA-2023:4497
RLSA-2023:4499
ROSA-SA-2023-2232
ROSA-SA-2023-2233
SUSE-SU-2023:3161-1
SUSE-SU-2023:3162-1
SUSE-SU-2023:3163-1
SUSE-SU-2023:3228-1
SUSE-SU-2023_3161-1
SUSE-SU-2023_3162-1
SUSE-SU-2023_3163-1
USN-6267-1
USN-6267-2
USN-6267-3
USN-6333-1
USN-6406-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu