CVE-2023-6857

Summary

When resolving a symlink, a race may occur where the buffer passed to readlink may actually be smaller than necessary. This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox ESRunspecified < 115.6affected
MozillaThunderbirdunspecified < 115.6affected
MozillaFirefoxunspecified < 121affected

Weaknesses

  • Symlinks may resolve to smaller than expected buffers

ADP Enrichment

CVE Program Container

Additional References

References