CVE-2023-25731

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

D

ue to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox < 110.

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1801542	Issue Tracking Permissions Required
https://www.mozilla.org/security/advisories/mfsa2023-05/	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1801542	Issue Tracking Permissions Required
https://www.mozilla.org/security/advisories/mfsa2023-05/	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1801542	Issue Tracking Permissions Required

Configurations

Configuration 1 (hide)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

History

10 Jan 2025, 18:15

Type	Values Removed	Values Added
CWE		CWE-1284
References	~~() https://bugzilla.mozilla.org/show_bug.cgi?id=1801542 - Issue Tracking, Permissions Required~~	() https://bugzilla.mozilla.org/show_bug.cgi?id=1801542 - Issue Tracking, Permissions Required

21 Nov 2024, 07:50

Type	Values Removed	Values Added
References	~~() https://bugzilla.mozilla.org/show_bug.cgi?id=1801542 - Issue Tracking, Permissions Required~~	() https://bugzilla.mozilla.org/show_bug.cgi?id=1801542 - Issue Tracking, Permissions Required
References	~~() https://www.mozilla.org/security/advisories/mfsa2023-05/ - Vendor Advisory~~	() https://www.mozilla.org/security/advisories/mfsa2023-05/ - Vendor Advisory

Information

Published : 2023-06-02 17:15

Updated : 2025-01-10 18:15

NVD link : CVE-2023-25731

Mitre link : CVE-2023-25731

CVE.ORG link : CVE-2023-25731

JSON object : View

Products Affected

firefox

CWE

NVD-CWE-noinfo CWE-1284

Improper Validation of Specified Quantity in Input

{"id": "CVE-2023-25731", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-06-02T17:15:11.147", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1801542", "tags": ["Issue Tracking", "Permissions Required"], "source": "[email protected]"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-05/", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1801542", "tags": ["Issue Tracking", "Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-05/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1801542", "tags": ["Issue Tracking", "Permissions Required"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-1284"}]}], "descriptions": [{"lang": "en", "value": "Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox < 110."}], "lastModified": "2025-01-10T18:15:18.277", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "811EBB2F-0FAA-49DB-8B16-99341814C3D1", "versionEndExcluding": "110.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}