Session Restore Helper Crash in Firefox for iOS by Mozilla
CVE-2023-37456

6.5MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox For iOS
Vendor: CVE Published:; 12 July 2023

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A vulnerability in Firefox for iOS allows the session restore helper to crash when no parameter is sent to the message handler, disrupting user sessions. This issue affects versions earlier than 115, potentially compromising user experience and stability. Users should ensure their applications are updated to mitigate any associated risks.

Affected Version(s)

Firefox for iOS < 115

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

cve-2023-37456
Created by SpiralBL0CK

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1795496

https://www.mozilla.org/security/advisories/mfsa2023-25/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

🟡
Public PoC available
Mar 6, 2025
👾
Exploit known to exist
Mar 6, 2025
Vulnerability published
Jul 12, 2023
Vulnerability Reserved
Jul 6, 2023

Credit

Artem Chaykin