Memory Management Flaw in Mozilla Products
CVE-2023-29536

8.8HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Focus for Android; Firefox ESR; Firefox for Android
Vendor: CVE Published:; 2 June 2023

What is CVE-2023-29536?

A critical flaw in Mozilla's memory management mechanism allows an attacker to control specific memory areas, leading to potential crashes or memory corruption. This vulnerability affects various versions of Firefox, Thunderbird, and Focus for Android, enabling an attacker to manipulate the memory manager in a way that could result in instability or exploitation upon triggering the flaw.

Affected Version(s)

Firefox < 112

Firefox ESR < 102.10

Firefox for Android < 112

References

https://www.mozilla.org/security/advisories/mfsa2023-15/

https://www.mozilla.org/security/advisories/mfsa2023-14/

https://www.mozilla.org/security/advisories/mfsa2023-13/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2023
Vulnerability Reserved
Apr 7, 2023