6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
22.2%
Members of the <code>DEVMODEW</code> struct set by the printer device
driver weren’t being validated and could have resulted in invalid values
which in turn would cause the browser to attempt out of bounds access to
related variables.<br>This bug only affects Firefox on Windows. Other
operating systems are unaffected.. This vulnerability affects Firefox <
110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Author | Note |
---|---|
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
mdeslaur | starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap windows-specific issue |
launchpad.net/bugs/cve/CVE-2023-25738
nvd.nist.gov/vuln/detail/CVE-2023-25738
security-tracker.debian.org/tracker/CVE-2023-25738
www.cve.org/CVERecord?id=CVE-2023-25738
www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25738
www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25738
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
22.2%