

Rewterz Threat Advisory – Multiple Adobe Bridge Vulnerabilities
February 15, 2023
Rewterz Threat Alert – Gafgyt aka Bashlite Malware – Active IOCs
February 15, 2023
Severity
High
Analysis Summary
CVE-2023-25728 CVSS:6.5
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by a Content Security Policy leak in violation reports when using iframes. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using the Content-Security-Policy-Report-Only header to leak a child iframe’s unredacted URI.
CVE-2023-25730 CVSS:6.5
Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by a background script that invokes requestFullscreen and then blocks the main thread. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to hijack the screen and conduct a spoofing attack.
CVE-2023-25743 CVSS:6.5
Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by a lack of in-app notification for entering fullscreen mode. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the Web site.
CVE-2023-0767 CVSS:8.8
Mozilla Network Security Services (NSS), as used in Mozilla Firefox, could allow a remote attacker to execute arbitrary code on the system, caused by an arbitrary memory write. By supplying a specially-crafted PKCS 12 cert bundle, a remote attacker could exploit this vulnerability using PKCS 12 Safe Bag attributes to cause arbitrary memory writes and execute arbitrary code on the vulnerable system.
CVE-2023-25735 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free from compartment mismatch in SpiderMonkey. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2023-25737 CVSS:8.8
Mozilla Firefox could provide weaker than expected security, caused by an invalid downcast from nsTextNode to SVGElement. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause undefined behavior.
CVE-2023-25738 CVSS:6.5
Mozilla Firefox is vulnerable to a denial of service, caused by the failure to validate members of the DEVMODEW struct set by the printer device driver. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to attempt out-of-bounds access to related variables, resulting in a crash.
CVE-2023-25739 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2023-25729 CVSS:8.8
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by permission prompts for opening external schemes being opened by extensions and without user interaction. A remote attacker could exploit this vulnerability to conduct malicious actions such as downloading files or interacting with software already installed on the system.
CVE-2023-25732 CVSS:6.5
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory write from EncodeInputStream. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2023-25734 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the opening of local .url files. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to trigger unexpected network requests from the operating system.
CVE-2023-25740 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the opening of local .scf files. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to trigger unexpected network requests from the operating system.
CVE-2023-25731 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by prototype pollution when rendering URLPreview. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to overwrite global objects in privileged code and execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2023-25733 CVSS:6.5
Mozilla Firefox is vulnerable to a denial of service, caused by a NULL pointer dereference in TaskbarPreviewCallback. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-25736 CVSS:6.5
Mozilla Firefox could provide weaker than expected security, caused by an invalid downcast from nsHTMLDocument to nsIContent. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause undefined behavior.
CVE-2023-25741 CVSS:6.5
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by a same-origin policy leak when dragging and dropping an image. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to obtain the image’s size.
CVE-2023-25742 CVSS:6.5
Mozilla Firefox is vulnerable to a denial of service, caused by the improper handling of the key when importing a SPKI RSA public key as ECDSA P-256. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the tab to crash.
CVE-2023-25744 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2023-25745 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
Impact
- Gain Access
- Code Execution
- Denial of Service
- Information Disclosure
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-25728
- CVE-2023-25730
- CVE-2023-25743
- CVE-2023-0767
- CVE-2023-25735
- CVE-2023-25737
- CVE-2023-25738
- CVE-2023-25739
- CVE-2023-25729
- CVE-2023-25732
- CVE-2023-25734
- CVE-2023-25740
- CVE-2023-25731
- CVE-2023-25733
- CVE-2023-25736
- CVE-2023-25741
- CVE-2023-25742
- CVE-2023-25744
- CVE-2023-25745
Affected Vendors
Mozilla
Affected Products
- Mozilla Firefox 109
- Mozilla Firefox ESR 102.7
Remediation
Refer to the Mozilla Foundation Security Advisory for patch, upgrade, or suggested workaround information.