Lucene search

K

Redhat.comRH:CVE-2023-4046

HistoryAug 02, 2023 - 7:51 a.m.

CVE-2023-4046

2023-08-0207:51:32

redhat.com

access.redhat.com

21

mozilla

security advisory

flaw

wasm jit

compilation

content process

exploitable

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.001 Low

EPSS

Percentile

31.6%

The Mozilla Foundation Security Advisory describes this flaw as: In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process.

References

bugzilla.redhat.com/show_bug.cgi?id=2228361

nvd.nist.gov/vuln/detail/CVE-2023-4046

www.cve.org/CVERecord?id=CVE-2023-4046

www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4046

www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4046

www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4046

www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4046

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.001 Low

EPSS

Percentile

31.6%

Related for RH:CVE-2023-4046