CVE-2023-4577 Information

Description

When UpdateRegExpStatics attempted to access initialStringHeap, it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Reference

https://www.mozilla.org/security/advisories/mfsa2023-34/
https://www.mozilla.org/security/advisories/mfsa2023-36/
https://bugzilla.mozilla.org/show_bug.cgi?id=1847397
https://www.mozilla.org/security/advisories/mfsa2023-38/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

6.5

Base Severity

MEDIUM
