Use-After-Free Vulnerability in Firefox for Android by Mozilla
CVE-2023-25747

7.5HIGH

Key Information:

Vendor: Mozilla
Status: Firefox For Android
Vendor: CVE Published:; 19 June 2023

What is CVE-2023-25747?

A use-after-free vulnerability exists in the libaudio component of Firefox for Android that can be exploited when the AAudio backend is enabled on devices running Android API levels below 30. This issue can lead to unexpected behavior in the application. Mozilla has addressed this vulnerability by disabling the AAudio backend for affected API levels. Users are encouraged to update to Firefox for Android version 110.1.0 or later to ensure the application runs securely.

Affected Version(s)

Firefox for Android < 110.1.0

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1815801

https://www.mozilla.org/security/advisories/mfsa2023-08/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2023
Vulnerability Reserved
Feb 13, 2023

Credit

Chris Peterson