Severity
High
Analysis Summary
CVE-2023-32215 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2023-32206 CVSS:6.5
Mozilla Firefox is vulnerable to a denial of service, caused by an out-of-bounds read. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to cause a crash in the RLBox Expat driver.
CVE-2023-32205 CVSS:6.5
Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by the obscuring of browser prompts by popups controlled by content. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to conduct a spoofing attack.
Impact
- Code Execution
- Gain Access
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2023-32215
- CVE-2023-32206
- CVE-2023-32205
Affected Vendors
Mozilla
Affected Products
- Mozilla Firefox 112
- Mozilla Firefox ESR 102.10
Remediation
Refer to Mozilla Foundation Security Advisory for patch, upgrade or suggested workaround information.