Lucene search

K

[email protected]NVD:CVE-2023-6865

HistoryDec 19, 2023 - 2:15 p.m.

CVE-2023-6865

2023-12-1914:15:07

[email protected]

web.nvd.nist.gov

encryptingoutputstream

uninitialized data

local disk

private browsing mode

vulnerability

firefox esr

firefox

cve-2023-6865

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

28.2%

EncryptingOutputStream was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121.

Affected configurations

NVD

Node

mozillafirefoxRange<121.0

OR

mozillafirefox_esrRange<115.6

Node

debiandebian_linuxMatch10.0

OR

debiandebian_linuxMatch11.0

OR

debiandebian_linuxMatch12.0

References

bugzilla.mozilla.org/show_bug.cgi?id=1864123

lists.debian.org/debian-lts-announce/2023/12/msg00020.html

security.gentoo.org/glsa/202401-10

www.debian.org/security/2023/dsa-5581

www.mozilla.org/security/advisories/mfsa2023-54/

www.mozilla.org/security/advisories/mfsa2023-56/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

28.2%

Related for NVD:CVE-2023-6865

prion1 veracode1 cve1 redhatcve1 ubuntucve1 alpinelinux1 cvelist1 debiancve1 redhat9 nessus32 osv7 openvas16 centos1 mozilla2 kaspersky2 oraclelinux3 almalinux2 mageia1 debian2 slackware1 rocky1 ubuntu2 gentoo1