CVE-2023-25731

Summary

Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox < 110.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 110affected

Weaknesses

  • Prototype pollution when rendering URLPreview

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References