CVE-2023-4583

CVSS v3.1 7.5 (High)

EPSS 0.06 % (27^th)

Affected Products 3

Advisories 30

When checking if the Browsing Context had been discarded in HttpBaseChannel, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

Weaknesses

CWE-NVD-noinfo

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2023-09-11 09:15:09
(12 months ago)
Updated Date: 2023-09-14 03:52:30
(12 months ago)

Affected Products

Mozilla

Firefox
Firefox Esr
Thunderbird

Configuration #1

	CPE23	Up To
Mozilla Firefox prior 117.0 version	cpe:2.3:a:mozilla:firefox	< 117.0
Mozilla Firefox Esr prior 115.2 version	cpe:2.3:a:mozilla:firefox_esr	< 115.2
Mozilla Thunderbird prior 115.2 version	cpe:2.3:a:mozilla:thunderbird	< 115.2