IBM2100BE18E7C2A17BBEA03AFA7CCCE0623406DF18566BF917D18A11C0309A1656Security Bulletin: Due to use of Mozilla Firefox, IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple vulnerabilities.
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
78.5%
Summary
Mozilla Firefox ESR is used by IBM Cloud Pak for Multicloud Management Monitoring as part of the selenium scripts / tests agent.
Vulnerability Details
CVEID:CVE-2023-29539
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to download arbitrary files, caused by the truncation of Content-Disposition filename. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to lead to a reflected file download attack.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252416 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVEID:CVE-2022-46880
**DESCRIPTION:**Mozilla Firefox is vulnerable to a denial of service, caused by a use-after-free in WebGL. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241959 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID:CVE-2023-29531
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory access using WebGL APIs. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252408 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-32212
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by the obscuring of the address bar. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to conduct a spoofing attack.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/254748 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVEID:CVE-2023-28163
**DESCRIPTION:**Mozilla Firefox could provide weaker than expected, caused by an error when the Windows Save As dialog resolve environment variables. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/249971 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVEID:CVE-2022-46878
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241946 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-25751
**DESCRIPTION:**Mozilla Firefox is vulnerable to a denial of service, caused by incorrect code generation during JIT compilation. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/249966 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID:CVE-2023-32214
**DESCRIPTION:**Mozilla Firefox is vulnerable to a denial of service, caused by an error related to protocol handlers ms-cxh and ms-cxh-full. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/254750 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID:CVE-2023-25735
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free from compartment mismatch in SpiderMonkey. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247253 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-28176
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/249972 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2022-46881
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption in WebGL. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241960 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-0767
**DESCRIPTION:**Mozilla Network Security Services (NSS), as used in Mozilla Firefox, could allow a remote attacker to execute arbitrary code on the system, caused by an arbitrary memory write. By constructing a PKCS 12 cert bundle in such a way, a remote attacker could exploit this vulnerability using PKCS 12 Safe Bag attributes to allow for arbitrary memory writes and execute arbitrary code on the vulnerable system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247260 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-23601
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by navigations being allowed when dragging a URL from a cross-origin iframe into the same tab. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to conduct spoofing attacks.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/244845 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVEID:CVE-2022-46874
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by the truncation of a filename which removes the valid extension, and leaving a malicious extension in its place. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241954 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-23599
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the improper validation of output when copying a network request from the developer tools panel as a curl command. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to allow arbitrary commands to be hidden within.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/244843 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVEID:CVE-2023-29533
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to obscure the fullscreen notification and conduct a spoofing attack.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252409 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVEID:CVE-2023-28164
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by dragging a URL from a cross-origin iframe that was removed during the drag. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to cause user confusion or perform spoofing attacks.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/249957 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVEID:CVE-2023-1945
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption in the Safe Browsing code. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252463 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-25744
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247288 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-25732
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory write from EncodeInputStream. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247280 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-25743
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by a lack of in app notification for entering fullscreen mode. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the Web site.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247259 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVEID:CVE-2022-45421
**DESCRIPTION:**Mozilla Firefox and Firefox ESR could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption flaw. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240137 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-29550
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252460 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2022-46882
**DESCRIPTION:**Mozilla Firefox is vulnerable to a denial of service, caused by a use-after-free in WebGL. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241961 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID:CVE-2023-32207
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by a missing delay in popup notifications. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to trick a user into granting permissions.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/254743 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVEID:CVE-2022-46872
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by a compromised content process. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to escape the sandbox to read arbitrary files via clipboard-related IPC messages.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241952 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N)
CVEID:CVE-2023-25752
**DESCRIPTION:**Mozilla Firefox could provide weaker than expected, caused by an out-of-bounds when accessing throttled streams. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to lead future code to be incorrect and vulnerable.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/249970 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVEID:CVE-2023-23603
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the failure to account for external URLs by regular expressions used to filter out forbidden properties and values from style directives in calls to console.log. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to exfiltrate data from the browser.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/244847 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVEID:CVE-2023-25728
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by a Content security policy leak in violation reports using iframes. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using the Content-Security-Policy-Report-Only header to leak a child iframe’s unredacted URI.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247257 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVEID:CVE-2023-25746
**DESCRIPTION:**Mozilla Firefox ESR could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247404 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-23598
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the use of text/plain for a GTK drag and drop on Linux. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability using a call to DataTransfer.setData to read arbitrary files on the system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/244840 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVEID:CVE-2023-29542
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the use of a newline in a filename. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to bypass the file extension security mechanisms.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252419 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVEID:CVE-2023-25729
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by permission prompts for opening external schemes being opened by extensions and without user interaction. A remote attacker could exploit this vulnerability to conduct malicious actions such as downloading files or interacting with software already installed on the system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247279 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVEID:CVE-2023-32206
**DESCRIPTION:**Mozilla Firefox is vulnerable to a denial of service, caused by an out-of-bounds read. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to cause a crash in the RLBox Expat driver.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/254741 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID:CVE-2023-34414
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to hijack the clicking action of the victim, caused by the error page for sites with invalid TLS certificates missing the activation-delay. By persuading a victim to click in precise locations immediately before navigating to a Web site with a certificate error, a remote attacker could exploit this vulnerability through rendering lag to hijack certificate exceptions.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/257262 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N)
CVEID:CVE-2023-25734
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the opening of local .url files. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to lead to unexpected network requests from the operating system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247281 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVEID:CVE-2023-29541
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the failure to properly handle downloads of files ending in .desktop. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to run attacker-controlled commands.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252418 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVEID:CVE-2023-29545
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error when downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to bypass security restrictions.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252455 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVEID:CVE-2023-29532
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by tricking the Mozilla Maintenance Service into applying an unsigned update file. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to bypass the write-lock.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252410 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVEID:CVE-2023-25730
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by a background script that invokes requestFullscreen and then blocks the main thread. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to hijack the screen and conduct a spoofing attack.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247258 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVEID:CVE-2023-32205
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by the obscuring of browser prompts by popups controlled by content. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to conduct a spoofing attack.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/254740 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVEID:CVE-2023-34416
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/257261 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-29536
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by the failure to correctly free a pointer that addresses attacker-controlled memory. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252413 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-32213
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption in FileReader::DoReadData(). By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/254749 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-29535
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption following Garbage Collector compaction. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252412 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-25738
**DESCRIPTION:**Mozilla Firefox is vulnerable to a denial of service, caused by the failure to validate members of the DEVMODEW struct set by the printer device driver. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to attempt out of bounds access to related variables, resulting in a crash.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247262 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID:CVE-2023-32215
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/254742 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-29548
**DESCRIPTION:**Mozilla Firefox could provide weaker than expected security, caused by wrong lowering instruction in the ARM64 Ion compiler. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to result in a wrong optimization result.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252458 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVEID:CVE-2023-28162
**DESCRIPTION:**Mozilla Firefox is vulnerable to a denial of service, caused by invalid downcast in Worklets. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/249969 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVEID:CVE-2023-25739
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free mozilla::dom::ScriptLoadContext::~ScriptLoadContext. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247263 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-25742
**DESCRIPTION:**Mozilla Firefox is vulnerable to a denial of service, caused by the improper handling of the key when importing a SPKI RSA public key as ECDSA P-256. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the tab to crash.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247287 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID:CVE-2023-32211
**DESCRIPTION:**Mozilla Firefox is vulnerable to a denial of service, caused by a type checking bug. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to cause a content process crash.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/254747 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID:CVE-2023-23605
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/244839 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-25737
**DESCRIPTION:**Mozilla Firefox could provide weaker than expected security, caused by an invalid downcast from nsTextNode to SVGElement. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to lead to undefined behavior.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247261 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-23602
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the failure to correctly apply Content Security Policy to WebSockets in WebWorkers. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to lead to connections to restricted origins from inside WebWorkers.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/244846 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Cloud Pak for Multicloud Management Monitoring | 2.0-2.3 FP6 |
Remediation/Fixes
IBM strongly recommends addressing these vulnerabilities now by upgrading
Upgrade to IBM Cloud Pak for Multicloud Management 2.3 fix pack 7 by following the instructions in <https://www.ibm.com/docs/en/cloud-paks/cp-management/2.3.x?topic=upgrade-upgrading-fix-pack-7>
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm cloud pak for multicloud management | eq | 2.3 | |
| ibm cloud pak for multicloud management | eq | 7 |
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
78.5%