Vulnerability CVE-2023-25752: Information

Description

When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-25752

Published: June 2, 2023

Modified: June 9, 2023

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
firefox	sisyphus	111.0-alt1	126.0.1-alt1	ALT-PU-2023-1443-1	316754	Fixed
firefox	sisyphus_riscv64	111.0-alt0.1.rv64	126.0-alt0.port	ALT-PU-2023-2864-1	-	Fixed
firefox	p10	112.0.2-alt0.p10.1	118.0.2-alt0.p10.1	ALT-PU-2023-1817-1	319679	Fixed
firefox	c10f1	112.0.2-alt0.p10.1	112.0.2-alt0.p10.1	ALT-PU-2023-5202-3	327804	Fixed
firefox	p11	111.0-alt1	126.0.1-alt1	ALT-PU-2023-1443-1	316754	Fixed
firefox-esr	sisyphus	102.9.0-alt1	115.11.0-alt1	ALT-PU-2023-1491-1	317198	Fixed
firefox-esr	p10	102.9.0-alt1	115.11.0-alt1	ALT-PU-2023-1546-1	317236	Fixed
firefox-esr	p9	102.11.0-alt0.c9.1	102.11.0-alt0.c9.1	ALT-PU-2023-4365-2	324721	Fixed
firefox-esr	c10f1	115.8.0-alt0.c10.1	115.9.1-alt0.c10.1	ALT-PU-2024-3614-2	340631	Fixed
firefox-esr	c9f2	102.10.0-alt0.c9.1	102.12.0-alt0.c9.1	ALT-PU-2023-1758-1	319753	Fixed
firefox-esr	p11	102.9.0-alt1	115.11.0-alt1	ALT-PU-2023-1491-1	317198	Fixed
thunderbird	sisyphus	102.9.0-alt1	115.9.0-alt1	ALT-PU-2023-1492-1	317199	Fixed
thunderbird	p10	102.9.0-alt1	115.9.0-alt1	ALT-PU-2023-1545-1	317237	Fixed
thunderbird	p9	102.11.0-alt0.c9.1	102.11.0-alt0.c9.1	ALT-PU-2023-4366-2	324721	Fixed
thunderbird	c10f1	102.9.0-alt1	115.9.0-alt0.c10.1	ALT-PU-2023-1545-1	317237	Fixed
thunderbird	c9f2	102.10.0-alt0.c9.1	102.11.0-alt0.c9.1	ALT-PU-2023-1765-1	319783	Fixed
thunderbird	p11	102.9.0-alt1	115.9.0-alt1	ALT-PU-2023-1492-1	317199	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://www.mozilla.org/security/advisories/mfsa2023-11/	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1811627	Issue Tracking Permissions Required Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2023-10/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2023-09/	Vendor Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
  End excliding
  111.0
  cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
  End excliding
  102.9
  cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
  End excliding
  102.9

Version: v24.5.3

Vulnerability CVE-2023-25752: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1