Lucene search

K

Veracode Vulnerability DatabaseVERACODE:44803

HistoryDec 25, 2023 - 2:48 a.m.

Use After Free

2023-12-2502:48:59

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

13

use after free

firefox

nsdnsservice::init

vulnerability

confidentiality

integrity

availability

system

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

41.7%

Firefox is vulnerable to Use After Free. The vulnerability is caused due to a flaw in function nsDNSService::Init which appears to manifest rarely during start-up. This can lead to compromising Confidentiality, Integrity and Availability of the system.

References

bugzilla.mozilla.org/show_bug.cgi?id=1868042

lists.debian.org/debian-lts-announce/2023/12/msg00020.html

lists.debian.org/debian-lts-announce/2023/12/msg00021.html

security-tracker.debian.org/tracker/CVE-2023-6862

security.gentoo.org/glsa/202401-10

www.debian.org/security/2023/dsa-5581

www.debian.org/security/2023/dsa-5582

www.mozilla.org/security/advisories/mfsa2023-54/

www.mozilla.org/security/advisories/mfsa2023-55/

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

41.7%

Related for VERACODE:44803