CVE-2023-23597
Logic bug in process allocation allowed to read arbitrary files
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS —EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
02 jun 2023Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the `file://` context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefox < 109.
Produtos afetados
Mozilla · Firefox