CVE-2023-25732

Summary

When encoding data from an <code>inputStream</code> in <code>xpcom</code> the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 110affected
MozillaThunderbirdunspecified < 102.8affected
MozillaFirefox ESRunspecified < 102.8affected

Weaknesses

  • Out of bounds memory write from EncodeInputStream

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References