Published: 02/06/2023 Updated: 08/06/2023

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 0

Members of the <code>DEVMODEW</code> struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox
mozilla firefox_esr
mozilla thunderbird

DescriptionThe Mozilla Foundation Security Advisory describes this flaw as: Members of the `DEVMODEW` struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables *This bug only affects Firefox on Windows ...

Mozilla Foundation Security Advisory 2023-06 Security Vulnerabilities fixed in Firefox ESR 1028 Announced February 14, 2023 Impact high Products Firefox ESR Fixed in Firefox ESR 1028 ...

Mozilla Foundation Security Advisory 2023-05 Security Vulnerabilities fixed in Firefox 110 Announced February 14, 2023 Impact high Products Firefox Fixed in Firefox 110 ...

Mozilla Foundation Security Advisory 2023-07 Security Vulnerabilities fixed in Thunderbird 1028 Announced February 15, 2023 Impact low Products Thunderbird Fixed in Thunderbird 1028 ...

CWE-125 https://www.mozilla.org/security/advisories/mfsa2023-05/https://www.mozilla.org/security/advisories/mfsa2023-07/https://bugzilla.mozilla.org/show_bug.cgi?id=1811852 https://www.mozilla.org/security/advisories/mfsa2023-06/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2023-25738 https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/

CVE-2023-25738

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect