
exploitDog

CVE-2023-4583

Published: 11 Sep 2023
Source: nvd
CVSS3: 7.5
EPSS: Low

Improper Browsing Context state check vulnerability in Firefox and Thunderbird

Description

When checking whether the Browsing Context had been discarded in HttpBaseChannel, if the load group was not available, it was assumed that the context had already been discarded. However, this was not always true for private channels after the private session had ended.

Affected software versions

  • Firefox < 117
  • Firefox ESR < 115.2
  • Thunderbird < 115.2

Vulnerability type

  • Improper data handling
  • Logic error

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Versions before 117.0 (exclusive)
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
Versions before 115.2 (exclusive)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Versions before 115.2 (exclusive)

EPSS

Percentile: 33%
0.00128
Low

7.5 High

CVSS3

Weaknesses

NVD-CWE-noinfo
CWE-754

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 2 years ago

When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

CVSS3: 7.5
redhat
about 2 years ago

When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

msrc
3 months ago

When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

CVSS3: 7.5
debian
about 2 years ago

When checking if the Browsing Context had been discarded in `HttpBaseC ...

CVSS3: 7.5
github
about 2 years ago

When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
