CNVD-2023-74540 — Vulnetix

CNVD-2023-74540 PUBLISHED CVSS 9.800000190734863 CRITICAL

Mozilla Firefox是美国Mozilla基金会的一款开源Web浏览器。 Mozilla Firefox存在内存破坏漏洞，远程攻击者可以利用该漏洞提交特殊的Web请求，诱使用户解析，可使应用程序崩溃或以应用程序上下文执行任意代码。

Risk Scores

CVSS 3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Mozilla	Firefox	unspecified
Mozilla	Thunderbird	unspecified
Mozilla	Firefox ESR	unspecified

Exploit Intelligence

CIRCL seen: CVE-2023-5176 (circl-sighting)
Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 (circl)
https://www.mozilla.org/security/advisories/mfsa2023-41/ (circl)
https://www.mozilla.org/security/advisories/mfsa2023-42/ (circl)
https://www.mozilla.org/security/advisories/mfsa2023-43/ (circl)
https://www.debian.org/security/2023/dsa-5506 (circl)
https://lists.debian.org/debian-lts-announce/2023/09/msg00034.html (circl)
https://www.debian.org/security/2023/dsa-5513 (circl)
https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html (circl)

Timeline

Sep 26, 2023 CVE Published
Sep 27, 2023 PoC Published
May 27, 2026 Distribution Patch
May 27, 2026 Distribution Patch

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›