March 12, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – Chaos Ransomware – Active IOCs
March 15, 2023Rewterz Threat Alert -Qakbot aka Pinkslipbot or Qbot Malware – Active IOCs
March 15, 2023Rewterz Threat Advisory – Chaos Ransomware – Active IOCs
March 15, 2023Rewterz Threat Alert -Qakbot aka Pinkslipbot or Qbot Malware – Active IOCs
March 15, 2023
Severity
Medium
Analysis Summary
CVE-2023-28177 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2023-28176 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2023-28163 CVSS:6.5
Mozilla Firefox could provide weaker than expected, caused by an error when the Windows Save As dialog resolve environment variables. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to launch further attacks on the system.
CVE-2023-25752 CVSS:6.5
Mozilla Firefox could provide weaker than expected, caused by an out-of-bounds when accessing throttled streams. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to lead future code to be incorrect and vulnerable.
CVE-2023-28162 CVSS:6.5
Mozilla Firefox is vulnerable to a denial of service, caused by invalid downcast in Worklets. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVE-2023-28161 CVSS:6.5
Mozilla Firefox could provide weaker than expected, caused by an error when one-time permissions granted to a local file were extended to other local files loaded in the same tab. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to launch further attacks on the system.
CVE-2023-28160 CVSS:6.5
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the leak of the local path when following a redirect to a publicly accessible web extension file. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2023-25751 CVSS:6.5
Mozilla Firefox is vulnerable to a denial of service, caused by incorrect code generation during JIT compilation. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVE-2023-25750 CVSS:6.5
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the leak of a ServiceWorker’s offline cache when using private browsing mode. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2023-25749 CVSS:6.5
Mozilla Firefox for Android could provide weaker than expected security, caused by the opening of third-party apps without prompt. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to launch android applications with unpatched vulnerabilities.
CVE-2023-25748 CVSS:6.5
Mozilla Firefox for Android could allow a remote attacker to conduct spoofing attacks, caused by the hiding of the fullscreen notification using window prompts. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to cause user confusion or perform spoofing attacks.
CVE-2023-28159 CVSS:6.5
Mozilla Firefox for Android could allow a remote attacker to conduct spoofing attacks, caused by the hiding of the fullscreen notification using download popups. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to cause user confusion or perform spoofing attacks.
CVE-2023-28164 CVSS:6.5
Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by dragging a URL from a cross-origin iframe that was removed during the drag. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to cause user confusion or perform spoofing attacks.
Impact
- Code Execution
- Denial of Service
- Information Disclosure
- Unauthorized Access
Indicators Of Compromise
CVE
- CVE-2023-28177
- CVE-2023-28176
- CVE-2023-28163
- CVE-2023-25752
- CVE-2023-28162
- CVE-2023-28161
- CVE-2023-28160
- CVE-2023-25751
- CVE-2023-25750
- CVE-2023-25749
- CVE-2023-25748
- CVE-2023-28159
- CVE-2023-28164
Affected Vendors
Mozilla
Affected Products
- Mozilla firefox 110
- Mozilla Firefox for Android 110
- Mozilla Firefox ESR 102.8
Remediation
Refer to Mozilla Foundation Security Advisory for patch, upgrade or suggested workaround information.