CVE-2023-28159 — Vulnetix

CVE-2023-28159 PUBLISHED

In Mozilla Firefox und Mozilla Firefox ESR existieren mehrere Schwachstellen. Diese sind auf ungepatchte Schwachstellen, Out-of-Bounds Fehler, Speicherfehler, Cross-Origin-iFrames und andere Fehler zurückzuführen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.

EPSS 0.25% · 48.5th percentile

Risk Scores

EPSS Score

0.25%

48.5th percentile

Affected Products

Vendor	Product	Versions
Ubuntu	Ubuntu Linux
Oracle	Oracle Linux
Gentoo	Gentoo Linux
Open Source	Open Source CentOS
Red Hat	Red Hat Enterprise Linux
SUSE	SUSE Linux
Amazon	Amazon Linux 2
Debian	Debian Linux

Exploit Intelligence

https://www.mozilla.org/security/advisories/mfsa2023-09/ (circl)
https://bugzilla.mozilla.org/show_bug.cgi?id=1798798 (circl)
CIRCL seen: CVE-2023-25748 (circl-sighting)
https://bugzilla.mozilla.org/show_bug.cgi?id=1783561 (cve.org)

Timeline

Mar 14, 2023 CVE Published
Jun 2, 2023 PoC Published
Jun 3, 2023 EPSS Score
Jul 9, 2023 EPSS Score
Aug 14, 2023 EPSS Score
Sep 19, 2023 EPSS Score
Sep 27, 2023 CVE Updated
Oct 25, 2023 EPSS Score
Nov 30, 2023 EPSS Score
Jan 5, 2024 EPSS Score
Feb 10, 2024 EPSS Score
Mar 16, 2024 EPSS Score

References

https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0643.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0643 advisory
https://alas.aws.amazon.com/AL2/ALASFIREFOX-2023-004.html advisory
https://security.gentoo.org/glsa/202305-35 advisory
https://access.redhat.com/errata/RHSA-2023:1479 advisory
https://ubuntu.com/security/notices/USN-5954-2 advisory
https://access.redhat.com/errata/RHSA-2023:1445 advisory
https://access.redhat.com/errata/RHSA-2023:1444 advisory
https://lists.centos.org/pipermail/centos-announce/2023-March/086391.html advisory
https://access.redhat.com/errata/RHSA-2023:1364 advisory
https://access.redhat.com/errata/RHSA-2023:1367 advisory
https://lists.suse.com/pipermail/sle-security-updates/2023-March/014107.html advisory
https://access.redhat.com/errata/RHSA-2023:1333 advisory
http://linux.oracle.com/errata/ELSA-2023-1333.html advisory
http://linux.oracle.com/errata/ELSA-2023-1337.html advisory
http://linux.oracle.com/errata/ELSA-2023-1336.html advisory
https://access.redhat.com/errata/RHSA-2023:1337 advisory
https://access.redhat.com/errata/RHSA-2023:1336 advisory
https://lists.debian.org/debian-lts-announce/2023/03/msg00015.html advisory
https://lists.suse.com/pipermail/sle-security-updates/2023-March/014065.html advisory

…and 4 more

Open in Interactive Console →