Vulnerability Description
When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 117.0 |
| Mozilla | Firefox Esr | < 115.2 |
| Mozilla | Thunderbird | < 115.2 |
Related Weaknesses (CWE)
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1842030Issue Tracking
- https://www.mozilla.org/security/advisories/mfsa2023-34/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2023-36/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2023-38/Vendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1842030Issue Tracking
- https://www.mozilla.org/security/advisories/mfsa2023-34/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2023-36/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2023-38/Vendor Advisory
FAQ
What is CVE-2023-4583?
CVE-2023-4583 is a vulnerability with a CVSS score of 7.5 (HIGH). When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for ...
How severe is CVE-2023-4583?
CVE-2023-4583 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-4583?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Firefox Esr, Mozilla Thunderbird.