CVE-2023-23604
First published: Tue Jan 17 2023(Updated: )
A duplicate <code>SystemPrincipal</code> object could be created when parsing a non-system html document via <code>DOMParser::ParseFromSafeString</code>. This could have lead to bypassing web security checks. This vulnerability affects Firefox < 109.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <109 | 109 |
| <109 | 109 | |
| Mozilla Firefox | <109.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-23604.
What is the title of this vulnerability?
The title of this vulnerability is 'A duplicate SystemPrincipal object could be created when parsing a non-system html document via DOMParser::ParseFromSafeString'.
What software is affected by this vulnerability?
This vulnerability affects Mozilla Firefox version up to exclusive 109.
What is the severity of CVE-2023-23604?
The severity of CVE-2023-23604 is low.
How can this vulnerability be exploited?
This vulnerability could lead to bypassing web security checks.
- collector/nvd-latest
- collector/nvd-index
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/severity
- agent/references
- agent/author
- collector/mozilla-advisory
- source/Mozilla
- agent/software-canonical-lookup
- agent/tags
- agent/event
- agent/description
- agent/software-canonical-lookup-request
- vendor/mozilla
- canonical/mozilla firefox