CVE-2023-25752

CVSS v3.1 6.5 (Medium)

EPSS 0.10 % (42^th)

Affected Products 3

Advisories 37

When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.

Weaknesses

CWE-NVD-noinfo

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2023-06-02 17:15:11
(15 months ago)
Updated Date: 2023-06-09 18:40:27
(15 months ago)

Affected Products

Mozilla

Firefox
Firefox Esr
Thunderbird

Configuration #1

	CPE23	Up To
Mozilla Firefox prior 111.0 version	cpe:2.3:a:mozilla:firefox	< 111.0
Mozilla Firefox Esr prior 102.9 version	cpe:2.3:a:mozilla:firefox_esr	< 102.9
Mozilla Thunderbird prior 102.9 version	cpe:2.3:a:mozilla:thunderbird	< 102.9