Vulnerability CVE-2023-25752: Information

Description

When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have led future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Published: June 2, 2023
Modified: June 9, 2023

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| firefox | sisyphus | 111.0-alt1 | 125.0.2-alt1 | ALT-PU-2023-1443-1 | 316754 | Fixed |
| firefox | sisyphus_riscv64 | 111.0-alt0.1.rv64 | 124.0.1-alt0.port | ALT-PU-2023-2864-1 | - | Fixed |
| firefox | p10 | 112.0.2-alt0.p10.1 | 118.0.2-alt0.p10.1 | ALT-PU-2023-1817-1 | 319679 | Fixed |
| firefox | c10f1 | 112.0.2-alt0.p10.1 | 112.0.2-alt0.p10.1 | ALT-PU-2023-5202-3 | 327804 | Fixed |
| firefox-esr | sisyphus | 102.9.0-alt1 | 115.10.0-alt1 | ALT-PU-2023-1491-1 | 317198 | Fixed |
| firefox-esr | p10 | 102.9.0-alt1 | 115.10.0-alt1 | ALT-PU-2023-1546-1 | 317236 | Fixed |
| firefox-esr | p9 | 102.11.0-alt0.c9.1 | 102.11.0-alt0.c9.1 | ALT-PU-2023-4365-2 | 324721 | Fixed |
| firefox-esr | c10f1 | 115.8.0-alt0.c10.1 | 115.9.1-alt0.c10.1 | ALT-PU-2024-3614-2 | 340631 | Fixed |
| firefox-esr | c9f2 | 102.10.0-alt0.c9.1 | 102.12.0-alt0.c9.1 | ALT-PU-2023-1758-1 | 319753 | Fixed |
| thunderbird | sisyphus | 102.9.0-alt1 | 115.9.0-alt1 | ALT-PU-2023-1492-1 | 317199 | Fixed |
| thunderbird | p10 | 102.9.0-alt1 | 115.9.0-alt1 | ALT-PU-2023-1545-1 | 317237 | Fixed |
| thunderbird | p9 | 102.11.0-alt0.c9.1 | 102.11.0-alt0.c9.1 | ALT-PU-2023-4366-2 | 324721 | Fixed |
| thunderbird | c10f1 | 102.9.0-alt1 | 115.9.0-alt0.c10.1 | ALT-PU-2023-1545-1 | 317237 | Fixed |
| thunderbird | c9f2 | 102.10.0-alt0.c9.1 | 102.11.0-alt0.c9.1 | ALT-PU-2023-1765-1 | 319783 | Fixed |

References to Advisories, Solutions, and Tools

    1. Configuration 1

      cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
      End excluding
      111.0

      cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
      End excluding
      102.9

      cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
      End excluding
      102.9