CVE-2023-4048

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 116 Firefox ESR versions prior to 102.14 Firefox ESR versions prior to 115.1

Description An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. The issue is related to the application's failure to properly control the consumption of internal resources when analyzing HTML using DOMParser. Exploitation of the vulnerability may allow a remote attacker to bypass existing security restrictions, cause resource exhaustion, and perform a denial-of-service (DoS) attack.

Recommendations For Firefox versions prior to 116, update to version 116 or later. For Firefox ESR versions prior to 102.14, update to version 102.14 or later. For Firefox ESR versions prior to 115.1, update to version 115.1 or later. As a temporary workaround, consider disabling the DOMParser functionality until a patch is available. Restrict access to resources that may be affected by the vulnerability to minimize the risk of exploitation.