PT-2023-6530 · Mozilla+5 · Firefox+5

Daniel Veditz

Published

2023-10-24

Updated

2025-03-14

CVE-2023-5723

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 119

Description The issue is related to insufficient input validation when handling cookies, which could allow a remote attacker to execute arbitrary code. An attacker with temporary script access to a site could set a cookie containing invalid characters using document.cookie, potentially leading to unknown errors.

Recommendations For versions prior to 119, update to Firefox version 119 or later to resolve the issue. As a temporary workaround, consider restricting the use of the document.cookie until a patch is available.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2023-6639

ALT-PU-2023-7363

ALT-PU-2023-7774

ALT-PU-2024-13898

ALT-PU-2024-15839

ALT-PU-2024-15840

BDU:2023-07277

CVE-2023-5723

OESA-2025-1265

OESA-2025-1268

OPENSUSE-SU-2023_4214-1

OPENSUSE-SU-2024:13385-1

OPENSUSE-SU-2024:14572-1

SUSE-SU-2023:4212-1

SUSE-SU-2023:4213-1

SUSE-SU-2023:4214-1

USN-6456-1

USN-6456-2

Affected Products

Alt Linux

Astra Linux

Firefox

Linuxmint

Suse

Ubuntu

PT-2023-6530 · Mozilla+5 · Firefox+5

CVE-2023-5723

Weakness Enumeration

Related Identifiers

Affected Products

References · 2091