CVE-2023-4578

Summary

When calling JS::CheckRegExpSyntax a Syntax Error could have been set which would end in calling convertToRuntimeErrorAndClear. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 117affected
MozillaFirefox ESRunspecified < 115.2affected
MozillaThunderbirdunspecified < 115.2affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References