Bug 2170380 (CVE-2023-25738)
| Summary: | CVE-2023-25738 Mozilla: Printing on Windows could potentially crash Firefox with some device drivers | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | erack, jhorak, nobody, stransky, tpopela |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | firefox 102.8, thunderbird 102.8 | Doc Type: | If docs needed, set a value |
| Doc Text: |
The Mozilla Foundation Security Advisory describes this flaw as:
Members of the `DEVMODEW` struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables.
*This bug only affects Firefox on Windows. Other operating systems are unaffected.*
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-02-16 15:42:09 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 2167576 | ||
|
Description
Dhananjay Arunesh
2023-02-16 09:09:29 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-25738 |