Optimization Flaw in Firefox and Thunderbird by Mozilla
CVE-2023-29548

6.5MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox; Focus for Android; Firefox ESR; Firefox for Android
Vendor: CVE Published:; 2 June 2023

Summary

This vulnerability stems from an incorrect lowering instruction within the ARM64 Ion compiler used in Mozilla's Firefox and Thunderbird products. The issue leads to faulty optimization results, which could potentially allow an attacker to exploit the affected applications. Users of Firefox versions below 112, Thunderbird versions below 102.10, and their mobile counterparts should take urgent measures to update their software to the latest versions to mitigate risk.

Affected Version(s)

Firefox < 112

Firefox ESR < 102.10

Firefox for Android < 112

References

https://www.mozilla.org/security/advisories/mfsa2023-15/

https://www.mozilla.org/security/advisories/mfsa2023-14/

https://www.mozilla.org/security/advisories/mfsa2023-13/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 2, 2023
Vulnerability Reserved
Apr 7, 2023