Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-25752

When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.

Published

2023-06-02T17:15:11.990

Last Modified

2024-11-21T07:50:04.787

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mozilla	firefox	< 111.0	Yes
Application	mozilla	firefox_esr	< 102.9	Yes
Application	mozilla	thunderbird	< 102.9	Yes

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1811627 Issue Tracking, Permissions Required, Vendor Advisory ([email protected])
https://www.mozilla.org/security/advisories/mfsa2023-09/ Vendor Advisory ([email protected])
https://www.mozilla.org/security/advisories/mfsa2023-10/ Vendor Advisory ([email protected])
https://www.mozilla.org/security/advisories/mfsa2023-11/ Vendor Advisory ([email protected])
https://bugzilla.mozilla.org/show_bug.cgi?id=1811627 Issue Tracking, Permissions Required, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.mozilla.org/security/advisories/mfsa2023-09/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.mozilla.org/security/advisories/mfsa2023-10/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.mozilla.org/security/advisories/mfsa2023-11/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)