Vulnerability Details : CVE-2023-25752
When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have led future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
Exploit prediction scoring system (EPSS) score for CVE-2023-25752
Probability of exploitation activity in the next 30 days: 0.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 20 %
CVSS scores for CVE-2023-25752
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 2.8 | 3.6 | NIST |
References for CVE-2023-25752
- https://www.mozilla.org/security/advisories/mfsa2023-10/
  Security Vulnerabilities fixed in Firefox ESR 102.9 — Mozilla (Vendor Advisory)
- https://www.mozilla.org/security/advisories/mfsa2023-09/
  Security Vulnerabilities fixed in Firefox 111 — Mozilla (Vendor Advisory)
- https://bugzilla.mozilla.org/show_bug.cgi?id=1811627
  Access Denied (Issue Tracking; Permissions Required; Vendor Advisory)
- https://www.mozilla.org/security/advisories/mfsa2023-11/
  Security Vulnerabilities fixed in Thunderbird 102.9 — Mozilla (Vendor Advisory)
Products affected by CVE-2023-25752
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*