Vulnerability Description
TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox < 121.
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 121.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1849037Issue TrackingPermissions Required
- https://security.gentoo.org/glsa/202401-10Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2023-56/Vendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1849037Issue TrackingPermissions Required
- https://security.gentoo.org/glsa/202401-10Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2023-56/Vendor Advisory
FAQ
What is CVE-2023-6866?
CVE-2023-6866 is a vulnerability with a CVSS score of 8.8 (HIGH). TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox < 121.
How severe is CVE-2023-6866?
CVE-2023-6866 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-6866?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.