PT-2023-7975 · Mozilla+9 · Firefox+9

Jan Varga

Published

2023-12-19

Updated

2025-03-21

CVE-2023-6865

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Firefox ESR versions prior to 115.6 Firefox versions prior to 121

Description The issue is related to the EncryptingOutputStream being susceptible to exposing uninitialized data. This could be abused to write data to a local disk, potentially affecting private browsing mode. The vulnerability may allow a remote attacker to disclose protected information.

Recommendations For Firefox ESR versions prior to 115.6, update to version 115.6 or later. For Firefox versions prior to 121, update to version 121 or later. As a temporary workaround, consider restricting access to sensitive data when using private browsing mode until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-457

Related Identifiers

ALSA-2024:0012

ALSA-2024:0025

ALT-PU-2023-8216

ALT-PU-2023-8227

ALT-PU-2023-8231

ALT-PU-2024-13898

ALT-PU-2024-15839

ALT-PU-2024-3614

BDU:2023-09059

CESA-2024_0012

CESA-2024_0026

CVE-2023-6865

DLA-3697-1

DSA-5581-1

MGASA-2024-0012

OESA-2025-1322

OESA-2025-1323

OPENSUSE-SU-2023_4928-1

OPENSUSE-SU-2024:13531-1

OPENSUSE-SU-2024:14572-1

RHSA-2024:0011

RHSA-2024:0012

RHSA-2024:0019

RHSA-2024:0021

RHSA-2024:0022

RHSA-2024:0023

RHSA-2024:0024

RHSA-2024:0025

RHSA-2024:0026

RHSA-2024_0012

RHSA-2024_0025

RHSA-2024_0026

RLSA-2024:0012

SUSE-SU-2023:4912-1

SUSE-SU-2023:4928-1

SUSE-SU-2023:4929-1

USN-6562-1

USN-6562-2

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Firefox

Linuxmint

Red Hat

Red Os

Suse

Ubuntu

PT-2023-7975 · Mozilla+9 · Firefox+9

CVE-2023-6865

Weakness Enumeration

Related Identifiers

Affected Products

References · 2024