Vulnerability Description
When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have led future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 111.0 |
| Mozilla | Firefox ESR | < 102.9 |
| Mozilla | Thunderbird | < 102.9 |
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1811627 (Issue Tracking, Permissions Required, Vendor Advisory)
- https://www.mozilla.org/security/advisories/mfsa2023-09/ (Vendor Advisory)
- https://www.mozilla.org/security/advisories/mfsa2023-10/ (Vendor Advisory)
- https://www.mozilla.org/security/advisories/mfsa2023-11/ (Vendor Advisory)
FAQ
What is CVE-2023-25752?
CVE-2023-25752 is a vulnerability with a CVSS score of 6.5 (MEDIUM). When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have led future code to be incorrect and vulnerable. This vul...
How severe is CVE-2023-25752?
CVE-2023-25752 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-25752?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Firefox ESR, Mozilla Thunderbird.