Home > Vulnerability Database > CVE-2023-25738

Mend.io Vulnerability Database

CVE-2023-25738

Date: June 1, 2023

Members of the <code>DEVMODEW</code> struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

Language: C++

Severity Score

6.5

Related Resources (8)

Url: https://www.mozilla.org/security/advisories/mfsa2023-06/

Url: https://github.com/mozilla/gecko-dev/commit/5e2a87e6827cfef54ad5703702fa93ac205f0879

Url: https://www.mozilla.org/security/advisories/mfsa2023-05/

Url: https://www.mozilla.org/security/advisories/mfsa2023-07/

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1811852

Url: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25737

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-25738

Url: https://www.mend.io/vulnerability-database/CVE-2023-25738

Severity Score

6.5

Weakness Type (CWE)

Out-of-bounds Read

CWE-125

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-25738

Date: June 1, 2023

Language: C++

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?