1. Home
  2. CVE Database
  3. CVE-2023-25738
MEDIUM · 6.5

CVE-2023-25738

Members of the <code>DEVMODEW</code> struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of b...

Vulnerability Description

Members of the <code>DEVMODEW</code> struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
MozillaFirefox< 110.0
MozillaFirefox Esr< 102.8
MozillaThunderbird< 102.8
MicrosoftWindows-

Related Weaknesses (CWE)

CWE-125

References

FAQ

What is CVE-2023-25738?

CVE-2023-25738 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Members of the <code>DEVMODEW</code> struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of b...

How severe is CVE-2023-25738?

CVE-2023-25738 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-25738?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Firefox Esr, Mozilla Thunderbird, Microsoft Windows.