CVE-2023-37456

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Firefox for iOS versions prior to 115

Description The issue is related to insufficient input validation, which can lead to a denial-of-service (DoS) attack by a remote attacker. Specifically, the session restore helper crashes when no parameter is sent to the message handler.

Recommendations For Firefox for iOS versions prior to 115, update to version 115 or later to resolve the issue. As a temporary workaround, consider restricting the use of the session restore helper until a patch is available.

Fix

RCE

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-476

Related Identifiers

BDU:2023-04456

CVE-2023-37456

Affected Products

Firefox

CVE-2023-37456

Weakness Enumeration

Related Identifiers

Affected Products

References · 6