CVE-2023-4583
Mozilla: Browsing Context potentially not cleared when closing Private Window
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
Al comprobar si el contexto de navegación se había descartado en `HttpBaseChannel`, si el grupo de carga no estaba disponible, se suponía que ya se había descartado, lo que no siempre era el caso para los canales privados después de que finalizaba la sesión privada. Esta vulnerabilidad afecta a Firefox < 117, Firefox ESR < 115.2 y Thunderbird < 115.2.
The Mozilla Foundation Security Advisory describes this flaw as:
When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2023-08-29 CVE Reserved
- 2023-08-30 CVE Published
- 2024-09-19 CVE Updated
- 2024-10-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-179: Incorrect Behavior Order: Early Validation
- CWE-754: Improper Check for Unusual or Exceptional Conditions
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=1842030 | Issue Tracking |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.mozilla.org/security/advisories/mfsa2023-34 | 2023-09-14 | |
https://www.mozilla.org/security/advisories/mfsa2023-36 | 2023-09-14 | |
https://www.mozilla.org/security/advisories/mfsa2023-38 | 2023-09-14 | |
https://access.redhat.com/security/cve/CVE-2023-4583 | 2023-09-07 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2236082 | 2023-09-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | < 117.0 Search vendor "Mozilla" for product "Firefox" and version " < 117.0" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | < 115.2 Search vendor "Mozilla" for product "Firefox Esr" and version " < 115.2" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | < 115.2 Search vendor "Mozilla" for product "Thunderbird" and version " < 115.2" | - |
Affected
|