CVE-2023-5728
Mozilla: Improper object tracking during GC in the JavaScript engine could have led to a crash.
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
Durante la recolección de la "basura" se realizaron operaciones adicionales en un objeto que no debería realizarse. Esto podría haber provocado un fallo potencialmente explotable. Esta vulnerabilidad afecta a Firefox < 119, Firefox ESR < 115.4 y Thunderbird < 115.4.1.
The Mozilla Foundation Security Advisory describes this flaw as: During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash.
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Kelsey Gilbert discovered that Firefox did not properly manage certain browser prompts and dialogs due to an insufficient activation-delay. An attacker could potentially exploit this issue to perform clickjacking.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2023-10-23 CVE Reserved
- 2023-10-24 CVE Published
- 2025-02-13 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-401: Missing Release of Memory after Effective Lifetime
- CWE-416: Use After Free
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html | Mailing List |
|
| https://www.debian.org/security/2023/dsa-5535 | Mailing List |
|
| https://www.debian.org/security/2023/dsa-5538 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=1852729 | 2023-11-02 | |
| https://www.mozilla.org/security/advisories/mfsa2023-45 | 2023-11-02 | |
| https://www.mozilla.org/security/advisories/mfsa2023-46 | 2023-11-02 | |
| https://www.mozilla.org/security/advisories/mfsa2023-47 | 2023-11-02 | |
| https://access.redhat.com/security/cve/CVE-2023-5728 | 2023-10-30 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2245903 | 2023-10-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | < 119.0 Search vendor "Mozilla" for product "Firefox" and version " < 119.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | < 115.4 Search vendor "Mozilla" for product "Firefox Esr" and version " < 115.4" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | < 115.4.1 Search vendor "Mozilla" for product "Thunderbird" and version " < 115.4.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
| ||||||