2170392 – (CVE-2023-25745) CVE-2023-25745 Mozilla: Memory safety bugs fixed in Firefox 110

Bug 2170392 (CVE-2023-25745) - CVE-2023-25745 Mozilla: Memory safety bugs fixed in Firefox 110

Summary: CVE-2023-25745 Mozilla: Memory safety bugs fixed in Firefox 110

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2023-25745
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2156039
TreeView+	depends on / blocked

Reported:	2023-02-16 09:10 UTC by Dhananjay Arunesh
Modified:	2023-02-16 18:01 UTC (History)
CC List:	4 users (show)
Fixed In Version:	firefox 110
Clone Of:
Environment:
Last Closed:	2023-02-16 09:31:37 UTC
Embargoed:

Attachments	(Terms of Use)

Description Dhananjay Arunesh 2023-02-16 09:10:53 UTC

Mozilla developers Timothy Nikkel, Gabriele Svelto, Jeff Muizelaar and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 109. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25745

Note You need to log in before you can comment on or make changes to this bug.