CVE-2023-25752

Summary

When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 111affected
MozillaFirefox ESRunspecified < 102.9affected
MozillaThunderbirdunspecified < 102.9affected

Weaknesses

  • Potential out-of-bounds when accessing throttled streams

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References