Rewterz Threat Advisory – Multiple Mozilla Firefox Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-32208 CVSS:6.5

Mozilla Firefox could allow a remote attacker to obtain sensitive information. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using dynamic import() to obtain the script base URL.

CVE-2023-32210 CVSS:6.5

Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by incorrect principal object ordering. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to cause a document to be loaded with a higher privileged principal than intended.

CVE-2023-32212 CVSS:6.5

Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by the obscuring of the address bar. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to conduct a spoofing attack.

CVE-2023-32207 CVSS:6.5

Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by a missing delay in popup notifications. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to trick a user into granting permissions.

CVE-2023-32213 CVSS:8.8

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption in FileReader::DoReadData(). By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2023-32209 CVSS:6.5

Mozilla Firefox is vulnerable to a denial of service. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using a specially crafted favicon to cause an out-of-memory crash.

CVE-2023-32211 CVSS:6.5

Mozilla Firefox is vulnerable to a denial of service, caused by a type checking bug. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to cause a content process crash.

CVE-2023-32214 CVSS:6.5

Mozilla Firefox is vulnerable to a denial of service, caused by an error related to protocol handlers ms-cxh and ms-cxh-full. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-32216 CVSS:8.8

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

Impact

  • Code Execution
  • Gain Access
  • Denial of Service
  • Information Disclosure
  • Security Bypass

Indicators Of Compromise

CVE

  • CVE-2023-32208
  • CVE-2023-32210
  • CVE-2023-32212
  • CVE-2023-32207
  • CVE-2023-32213
  • CVE-2023-32209
  • CVE-2023-32211
  • CVE-2023-32214
  • CVE-2023-32216

Affected Vendors

Mozilla

Affected Products

  • Mozilla Firefox 112
  • Mozilla Firefox ESR 102.10

Remediation

Refer to the Mozilla Foundation Security Advisory for patch, upgrade, or suggested workaround information.

Mozilla Foundation Security Advisory