Memory Safety Issues in Firefox and Thunderbird Products by Mozilla
CVE-2023-29550

8.8HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Focus for Android; Firefox ESR; Firefox for Android
Vendor: CVE Published:; 2 June 2023

Summary

The identified vulnerability pertains to memory safety flaws in multiple versions of Firefox and Thunderbird. These bugs have shown signs of memory corruption, which suggests that with sufficient effort, they could potentially be exploited to execute arbitrary code. This raises significant concerns for the security integrity of users relying on these applications.

Affected Version(s)

Firefox < 112

Firefox ESR < 102.10

Firefox for Android < 112

References

https://www.mozilla.org/security/advisories/mfsa2023-15/

https://www.mozilla.org/security/advisories/mfsa2023-14/

https://www.mozilla.org/security/advisories/mfsa2023-13/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 2, 2023
Vulnerability Reserved
Apr 7, 2023