6.5

CVE-2023-23597

Logic bug in process allocation allowed to read arbitrary files

A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the `file://` context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefox < 109.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version < 109.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.34% 0.256
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

https://bugzilla.mozilla.org/show_bug.cgi?id=1538028
Vendor Advisory
Issue Tracking
Permissions Required
https://www.mozilla.org/security/advisories/mfsa2023-01/
Vendor Advisory