CVE-2023-4577

CVSS v3.1 6.5 (Medium)

EPSS 0.07 % (30^th)

Affected Products 3

Advisories 30

When UpdateRegExpStatics attempted to access initialStringHeap it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

Weaknesses

CWE-NVD-noinfo

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2023-09-11 09:15:09
(12 months ago)
Updated Date: 2023-09-13 03:46:49
(12 months ago)

Affected Products

Mozilla

Firefox
Firefox Esr
Thunderbird

Configuration #1

	CPE23	Up To
Mozilla Firefox prior 117.0 version	cpe:2.3:a:mozilla:firefox	< 117.0
Mozilla Firefox Esr prior 115.2 version	cpe:2.3:a:mozilla:firefox_esr	< 115.2
Mozilla Thunderbird prior 115.2 version	cpe:2.3:a:mozilla:thunderbird	< 115.2