CVE-2023-4048

An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1841368	Issue Tracking Permissions Required
https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html	Third Party Advisory
https://www.debian.org/security/2023/dsa-5464	Third Party Advisory
https://www.debian.org/security/2023/dsa-5469	Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2023-29/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2023-30/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2023-31/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox_esr::::::::
	cpe:2.3:a:mozilla:firefox_esr::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*
	cpe:2.3:o:debian:debian_linux:12.0:::::::*

History

11 Aug 2023, 20:03

Type	Values Removed	Values Added
References	~~(MISC) https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html -~~	(MISC) https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html - Third Party Advisory
References	~~(MISC) https://www.debian.org/security/2023/dsa-5469 -~~	(MISC) https://www.debian.org/security/2023/dsa-5469 - Third Party Advisory
References	~~(MISC) https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html -~~	(MISC) https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html - Third Party Advisory
CPE		cpe:2.3:o:debian:debian_linux:10.0:::::::*

09 Aug 2023, 21:15

Type	Values Removed	Values Added
References		(MISC) https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html -

08 Aug 2023, 12:15

Type	Values Removed	Values Added
References		(MISC) https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html -

07 Aug 2023, 08:15

Type	Values Removed	Values Added
References		(MISC) https://www.debian.org/security/2023/dsa-5469 -

04 Aug 2023, 18:51

Type	Values Removed	Values Added
CWE		CWE-125
First Time		Mozilla firefox Esr Debian debian Linux Mozilla Mozilla firefox Debian
CPE		cpe:2.3:a:mozilla:firefox:::::::: cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:o:debian:debian_linux:12.0:::::::* cpe:2.3:a:mozilla:firefox_esr::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
References	~~(MISC) https://www.mozilla.org/security/advisories/mfsa2023-29/ -~~	(MISC) https://www.mozilla.org/security/advisories/mfsa2023-29/ - Vendor Advisory
References	~~(MISC) https://www.mozilla.org/security/advisories/mfsa2023-31/ -~~	(MISC) https://www.mozilla.org/security/advisories/mfsa2023-31/ - Vendor Advisory
References	~~(MISC) https://www.debian.org/security/2023/dsa-5464 -~~	(MISC) https://www.debian.org/security/2023/dsa-5464 - Third Party Advisory
References	~~(MISC) https://www.mozilla.org/security/advisories/mfsa2023-30/ -~~	(MISC) https://www.mozilla.org/security/advisories/mfsa2023-30/ - Vendor Advisory
References	~~(MISC) https://bugzilla.mozilla.org/show_bug.cgi?id=1841368 -~~	(MISC) https://bugzilla.mozilla.org/show_bug.cgi?id=1841368 - Issue Tracking, Permissions Required

04 Aug 2023, 04:15

Type	Values Removed	Values Added
References		(MISC) https://www.debian.org/security/2023/dsa-5464 -

01 Aug 2023, 15:25

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-08-01 15:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-4048

Mitre link : CVE-2023-4048

CVE.ORG link : CVE-2023-4048

JSON object : View

Products Affected

mozilla

firefox_esr
firefox

debian

debian_linux

CWE

CWE-125

Out-of-bounds Read

7.5 /10