CVE-2023-25735

Summary

Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 110affected
MozillaThunderbirdunspecified < 102.8affected
MozillaFirefox ESRunspecified < 102.8affected

Weaknesses

  • Potential use-after-free from compartment mismatch in SpiderMonkey

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References