CVE-2023-4577

Summary

When UpdateRegExpStatics attempted to access initialStringHeap it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 117affected
MozillaFirefox ESRunspecified < 115.2affected
MozillaThunderbirdunspecified < 115.2affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References