CVE-2023-25738
Severity CVSS v4.0:
Pending analysis
Type:
CWE-125
Out-of-bounds Read
Publication date:
02/06/2023
Last modified:
09/01/2025
Description
Members of the DEVMODEW struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables.*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* | 110.0 (excluding) | |
| cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* | 102.8 (excluding) | |
| cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* | 102.8 (excluding) | |
| cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://bugzilla.mozilla.org/show_bug.cgi?id=1811852
- https://www.mozilla.org/security/advisories/mfsa2023-05/
- https://www.mozilla.org/security/advisories/mfsa2023-06/
- https://www.mozilla.org/security/advisories/mfsa2023-07/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1811852
- https://www.mozilla.org/security/advisories/mfsa2023-05/
- https://www.mozilla.org/security/advisories/mfsa2023-06/
- https://www.mozilla.org/security/advisories/mfsa2023-07/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1811852