A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that when accessing throttled streams, the count of available bytes needs to be checked in the calling function to be within bounds. This may have led future code to be incorrect and vulnerable.

References

bugzilla.redhat.com/show_bug.cgi?id=2178460

nvd.nist.gov/vuln/detail/CVE-2023-25752

www.cve.org/CVERecord?id=CVE-2023-25752

www.mozilla.org/en-US/security/advisories/mfsa2023-10/#CVE-2023-25752

www.mozilla.org/en-US/security/advisories/mfsa2023-11/#CVE-2023-25752

alpinelinux 1

veracode 1

ubuntucve 1

prion 1

cve 1

nvd 1

debiancve 1

cvelist 1

nessus 58

oraclelinux 6

openvas 20

osv 15

almalinux 4

redhat 16

debian 4

rocky 4

amazon 1

mageia 2

ibm 2

centos 1

kaspersky 3

altlinux 2

slackware 2

mozilla 3

ubuntu 3

redos 1

gentoo 2

photon 1

alpinelinux

CVE-2023-25752

2023-06-02 17:15:11

veracode

Denial Of Service (DoS)

2023-03-16 15:07:12

ubuntucve

CVE-2023-25752

2023-03-15 00:00:00

prion

Out-of-bounds

2023-06-02 17:15:00

cve

CVE-2023-25752

2023-06-02 17:15:11

nvd

CVE-2023-25752

2023-06-02 17:15:11

debiancve

CVE-2023-25752

2023-06-02 17:15:11

cvelist

CVE-2023-25752

2023-06-02 00:00:00

nessus

Rocky Linux 9 : firefox (RLSA-2023:1337)

2023-04-06 00:00:00

Oracle Linux 7 : firefox (ELSA-2023-1333)

2023-03-21 00:00:00

RHEL 8 : firefox (RHSA-2023:1444)

2023-03-23 00:00:00

oraclelinux

firefox security update

2023-03-20 00:00:00

firefox security update

2023-03-20 00:00:00

thunderbird security update

2023-03-22 00:00:00

openvas

Mageia: Security Advisory (MGASA-2023-0116)

2023-03-28 00:00:00

Debian: Security Advisory (DLA-3365-1)

2023-03-20 00:00:00

Mageia: Security Advisory (MGASA-2023-0111)

2023-03-28 00:00:00

osv

Important: firefox security update

2023-03-28 13:07:10

Important: thunderbird security update

2023-03-28 13:07:54

thunderbird - security update

2023-03-20 00:00:00

almalinux

Important: firefox security update

2023-03-20 00:00:00

Important: thunderbird security update

2023-03-22 00:00:00

Important: thunderbird security update

2023-03-22 00:00:00

redhat

(RHSA-2023:1367) Important: firefox security update

2023-03-21 09:22:22

(RHSA-2023:1401) Important: thunderbird security update

2023-03-22 09:54:37

(RHSA-2023:1364) Important: firefox security update

2023-03-21 08:07:36

debian

[SECURITY] [DLA 3364-1] firefox-esr security update

2023-03-17 13:24:29

[SECURITY] [DSA 5374-1] firefox-esr security update

2023-03-15 19:24:11

[SECURITY] [DLA 3365-1] thunderbird security update

2023-03-20 07:44:55

rocky

thunderbird security update

2023-03-28 13:07:10

firefox security update

2023-03-28 13:07:10

firefox security update

2023-04-06 15:53:36

amazon

Important: thunderbird

2023-03-17 16:34:00

mageia

Updated firefox packages fix security vulnerability

2023-03-24 08:55:49

Updated thunderbird packages fix security vulnerability

2023-03-24 08:55:49

ibm

Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 102.9ESR) have affected APM Synthetic Playback Agent

2023-05-22 10:20:09

Security Bulletin: Due to use of Mozilla Firefox, IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple vulnerabilities.

2023-08-31 11:04:58

centos

firefox security update

2023-03-22 14:00:31

kaspersky

KLA48571 Multiple vulnerabilities in Mozilla Thunderbird

2023-03-14 00:00:00

KLA48552 Multiple vulnerabilities in Mozilla Firefox ESR

2023-03-14 00:00:00

KLA48551 Multiple vulnerabilities in Mozilla Firefox

2023-03-14 00:00:00

altlinux

Security fix for the ALT Linux 10 package firefox-esr version 102.9.0-alt1

2023-03-31 00:00:00

Security fix for the ALT Linux 10 package thunderbird version 102.9.0-alt1

2023-03-31 00:00:00

slackware

[slackware-security] mozilla-thunderbird

2023-03-17 00:39:20

[slackware-security] mozilla-firefox

2023-03-14 21:32:39

mozilla

Security Vulnerabilities fixed in Thunderbird 102.9 — Mozilla

2023-03-14 00:00:00

Security Vulnerabilities fixed in Firefox ESR 102.9 — Mozilla

2023-03-14 00:00:00

Security Vulnerabilities fixed in Firefox 111 — Mozilla

2023-03-14 00:00:00

ubuntu

Thunderbird vulnerabilities

2023-03-27 00:00:00

Firefox regressions

2023-03-27 00:00:00

Firefox vulnerabilities

2023-03-15 00:00:00

redos

ROS-20230420-03

2023-04-20 00:00:00

gentoo

Mozilla Thunderbird: Multiple Vulnerabilities

2023-05-30 00:00:00

Mozilla Firefox: Multiple Vulnerabilities

2023-05-30 00:00:00

photon

Critical Photon OS Security Update - PHSA-2023-5.0-0035

2023-06-22 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

41.6%

JSON

Related for RH:CVE-2023-25752