Severity
High
Analysis Summary
CVE-2023-34416 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2023-34414 CVSS:8.1
Mozilla Firefox could allow a remote attacker to hijack the clicking action of the victim, caused by the error page for sites with invalid TLS certificates missing the activation-delay. By persuading a victim to click in precise locations immediately before navigating to a Web site with a certificate error, a remote attacker could exploit this vulnerability through rendering lag to hijack certificate exceptions.
CVE-2023-34415 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error related to sites that allow open redirects to data: urls. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to bypass the site-isolation protections against Spectre-like attacks on sites that host an “open redirect”.
CVE-2023-34417 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
Impact
- Code Execution
- Gain Access
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-34416
- CVE-2023-34414
- CVE-2023-34415
- CVE-2023-34417
Affected Vendors
Mozilla
Affected Products
- Mozilla Firefox 113
- Mozilla Firefox ESR 102.11
Remediation
Refer to Mozilla Foundation Security Advisory for patch, upgrade or suggested workaround information.