CVE-2023-4046

Summary

In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 116affected
MozillaFirefox ESRunspecified < 102.14affected
MozillaFirefox ESRunspecified < 115.1affected

Weaknesses

  • Incorrect value used during WASM compilation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References